Category Archives: Cyberspace Adminstration of China 中央網絡安全和信息勇

A Summary of China ‘s Internet Security Situation in China in 2016 // 2016年中國中國互聯網安全形勢總結

A Summary of China ‘s Internet Security Situation in China in 2016

2016年中國中國互聯網安全形勢總結

19 APRIL 2017 BEIJING, People’s Republic of China

April 19, the National Computer Network Emergency Technology Processing Coordination Center (referred to as “National Internet Emergency Response Center”, the English referred to as “CNCERT”) released “China’s Internet security situation in 2016,” a review of China’s Internet macro security situation monitoring On the basis of the combination of network security warning and emergency response work, the paper focuses on analyzing and summarizing the Internet security situation of China in 2016 and predicting the hotspot of network security in 2017.

Analysis of Internet Security Monitoring Data in China in 2016

CNCs continued to monitor the macroeconomic situation of China’s cybersecurity. In 2016, the number of mobile Internet malicious programs was captured, the number of backdoor attacks and the number of security vulnerabilities were increased compared with 2015, and the number of Trojans and botnets was denied. Quantity, phishing and page tampering the number of pages have declined.

According to the sampling monitoring, about 70,000 Trojans and botnet control servers in 2016 control 1699 million hosts in our country, the number of control servers decreased by 8.0% compared with 2015, the number of domestic infection host decreased by 14.1% compared with 2015. The Among them, about 48,000 from outside the control server control of China’s 1499 million units in the host, from the United States the number of control servers in the first place, followed by Hong Kong, China and Japan.

In the botnet found in the detection of malicious programs and the formation of botnets, the size of more than 100 hosts in the number of botnets 4896, of which the size of more than 100,000 units in the number of botnets 52. According to the quantitative analysis of the distribution of Trojans and botnets in China, the top three were Guangdong Province (13.4% of the total number of infections in China), Jiangsu Province (9.2%) and Shandong Province (8.3 %). In order to effectively control the damage caused by the host of Trojans and botnets, in 2016, under the guidance of the Ministry of Industry and Information Technology, under the guidance of “Trojan and botnet monitoring and disposal mechanism”, CNCERT organization basic telecommunications companies, domain name service agencies, etc. successfully closed 1011 Control the larger botnets.

In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor switching, an increase of 39.0% over 2015, and continued to maintain rapid growth in the past seven years. According to their malicious behavior classification, the top three were hooliganism, malicious deductions and tariff consumption class 1, accounting for 61.1%, respectively, 18.2% and 13.6%. CNCERT found that mobile Internet malicious program download links nearly 670,000, an increase of nearly 1.2 times compared with 2015, involving more than 22 million source of the source, IP address of more than 30,000, the number of malicious programs spread to 124 million times.

In 2016, CNCERT focused on the “album” category 2 Andrews and malicious pornographic software with malicious deductions and maliciously disseminated attributes that were spread by SMS and had malicious behavior such as stealing user messages and correspondence, and coordinated work The A total of 47,316 cases of such malicious programs were found in the year, and more than 1.01 million were collected, and 6045 domain names were used to disseminate malicious programs. 7645 malicious mailbox accounts for receiving user’s text messages and contacts were used to receive user text messages Malicious mobile phone number 6616, leaked users SMS and address book mail 222 million, seriously endangering the user’s personal information security and property security. Under the guidance of the Ministry of Industry and Information Technology, according to the “mobile Internet malicious program monitoring and disposal mechanism”, CNCERT organization of e-mail service providers, domain name registrar and other active coordination work to find the malicious mailbox account, malicious domain name, etc. Dispose of.

Second, 2016 China’s Internet security situation

In recent years, with China’s network security laws and regulations, management system of continuous improvement, China’s network security technology strength, personnel, international cooperation, and achieved remarkable results. In 2016, China’s Internet security situation is generally stable, the rapid development of network security industry, network security and protection capabilities have been improved, international cooperation to further strengthen the network security. But with cyberspace strategically

The increasing number of countries, the world’s major countries have set up cyberspace attack capability, the growing national network conflict, China’s cyberspace security challenges facing increasingly complex.

Domain name system security in good condition, anti-attack ability increased significantly. In 2016, China’s domain name service system security in good condition, no major security incidents. According to the sampling monitoring, 2016 years for China’s domain name system traffic scale of more than 1Gpbs DDoS attacks on the daily average of about 32 cases, did not affect the domain name resolution services in China, the basic telecommunications companies have not seriously affected the success rate of analysis Attack events, mainly with the domain name system to strengthen security measures, anti-DDoS attack ability significantly improved related. In June 2016, there were large-scale DDoS attacks against the global root domain name servers and their mirrors. Most of the root domain servers were affected to varying degrees. The domain name mirroring servers in China also suffered large-scale network traffic attacks at the same time. Due to emergency treatment in a timely manner, and the root zone top-level domain cache expiration time is often more than 1 day, the attack did not affect the domain name system network security.

For the industrial control system of network security attacks increasing, many important industrial control system security incidents should pay attention. In 2016, the world occurred more than the major areas of industrial accidents worthy of our country wake up. In August, Kaspersky Security Laboratories exposed the “ghoul” network attack against the industrial sector, which focused on the Middle East and other countries’ Industrial enterprises launched a targeted network intrusion; in December, the Ukrainian power grid once again experienced a power supply failure, according to the analysis of the origin of this malpractice “dark forces” variants.

China’s industrial control system is huge, security vulnerabilities, malicious detection, etc. to our industrial control system to bring some security risks. As of the end of 2016, CNVD included 1036 industrial malpractices, of which 173 were included in 2016, an increase of 38.4% over 2015. Industrial control system mainly exists buffer overflow, lack of access control mechanism, weak password, directory traversal and other loopholes risk. Through the analysis of network traffic, 2016 CNCERT cumulative monitoring to the network of industrial equipment fingerprint detection event more than 880,000 times, and found 60 countries from outside the 1610 IP address of China’s network of industrial equipment for fingerprint detection.

High-level persistent threat normalization, China’s attack is particularly serious threat. As of the end of 2016, domestic enterprises issued a senior Sustainability Threat (APT) study reported a total of 43 APT organizations, including targeted targets for China’s APT organizations have 36 4. From the attack to achieve the point of view, more APT attacks using engineering to achieve, that is, relying on commercial attack platform and the Internet black industry

Chain data and other mature resources to achieve APT attacks. This kind of attack not only reduces the technical and resource threshold of initiating APT attack, but also increases the difficulty of traceability analysis. In 2016, many of the important information system for the implementation of the APT attacks were exposed, including “white elephant action 5”, “Man Linghua attack action”, mainly in China’s education, energy, military and scientific research as the main target The In August 2016, the hacker organization “Shadow Brokers” published the Formula Organization 6 frequently used toolkits, including various firewall exploits, hacking tools and scripts involving Juniper, Flying Tower, Cisco, and Financial letter, Huawei and other manufacturers products. CNCERT released 11 software vulnerabilities (there are four suspected 0day vulnerability) for census analysis and found that the world has about 120,000 IP addresses carrying the relevant products of network equipment, of which China’s IP address of about 33,000, accounting for 27.8% of all IP addresses poses a serious potential threat to cyberspace security in China. In November 2016, the hacker organization “shadow broker” also announced a group has been attacked by the National Security Agency network control and IP address and domain name data, China is the most attacked countries, involving at least nine universities in China, 12 Energy, aviation, telecommunications and other important information systems departments and two government information centers.

A large number of networked smart devices were attacked by malicious programs to form botnets, which were used to initiate large traffic DDoS attacks. In recent years, with the intelligent wearable equipment, intelligent home, intelligent routers and other terminal equipment and network equipment, the rapid development and popularization, for the Internet of intelligent devices, the proportion of network attacks increased, the attackers use the Internet of things intelligent device vulnerabilities Access to device control rights, or other hacker underground transactions for user information data theft, network traffic hijacking, or for controlling the formation of large-scale botnets. CNCERT on-line monitoring of vehicle network security system analysis and found that some car network information service providers and related products, security vulnerabilities can lead to vehicle, location and vehicle owners information disclosure and vehicle remote control and other security risks. At the end of 2016, Mirai malicious programs were widely watched as a result of large-scale off-site events on the east coast of the United States and a large number of users of Deutsche Telekom visited Internet anomalies. Mirai is a typical use of Internet of things intelligent device vulnerabilities to penetrate infiltration to achieve the control of the device malicious code, the number of charged devices accumulated to a certain extent will form a huge “botnet”, known as “Mirai botnet.” And because of Internet of things intelligent devices are generally 24 hours online, infected with malicious programs are not easily perceived by the user, forming a “stable” attack source. CNC inspections of the Mirai botnet show that by the end of 2016, a total of 2526 control servers were deployed to control 125.4 million devices, which posed a serious potential security threat to the stable operation of the Internet. In addition, CNCERT also analyzed the Gafgyt botnet sampling analysis. In the fourth quarter of 2016, a total of 817 control servers were selected to control 425,000 devices, and more than 18,000 DDoS attacks were initiated, with peak traffic 5Gpbs more than 72 times the number of attacks.

Web site data and personal information leak is not uncommon, “derivative disaster” serious. Due to the disappearance of the traditional boundaries of the Internet, all kinds of data spread across the terminal, network, mobile phone and cloud, coupled with the interests of the Internet black industry chain driven by data leakage threats are increasing. In 2016, the domestic and international website data and personal information leakage incidents frequently, the political, economic and social impact gradually deepened, and even personal life safety has also been violated. In the United States, the United States election candidate Hillary’s mail leak, directly affect the US election process; Yahoo two account information disclosure involving about 1.5 billion personal accounts, resulting in US telecom operators Verizon $ 4.8 billion acquisition of Yahoo plans to shelve May even be canceled. In the country, China’s immune planning system network was malicious invasion, 200,000 children’s information was stolen and publicly sold online; information leakage led to frequent fraud cases, college entrance examination information leaks to take away the university students will soon enter the life of Xu Yuyu ; 2016 public security organs were detected more than 1,800 cases of infringement of personal information, seized 30 million pieces of personal information of various types of citizens. In addition, according to the news media reported that Russia, Mexico, Turkey, the Philippines, Syria, Kenya and other countries of the government website data leaked.

Mobile Internet malicious program more profitable, mobile Internet black industry chain has matured. In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor exchange, up 39.0% from 2015 and continued to grow at a high rate in the past six years. Through malware behavior analysis, it was found that the number of applications for fraudulent, malicious deductions, lockdowns and other economic interests was 59.6% of the total number of malicious programs, nearly three times over 2015. From the spread of malicious programs found that fraudulent acts of fraudulent procedures mainly through SMS, advertising and network disk and other specific communication channels to spread, the number of infected users reached 24.93 million, causing significant economic losses. From the attack mode of malicious programs, it is found that the number of malicious programs that steal SMS verification codes is larger than that of SMS, and 10845 samples are obtained in the whole year. It shows the characteristics of simple production, fixed attack mode and huge profits. The mobile Internet industry Mature.

Extortion software raging, a serious threat to local data and intelligent equipment security. According to CNCERT monitoring found in 2016 in the traditional PC side, to capture extortion class malicious program sample of about 19,000, the number of a record high in recent years. Analysis of extortion software attack object found that extortion software has been gradually extended from the individual terminal equipment to business users, especially for high-value target blackmail situation

Heavy. For enterprise users, blackmail software exploits security vulnerabilities to attack, the enterprise database encryption and extortion, the end of 2016 open source MongoDB database was a blackmail software attacks, a large number of users affected. For personal terminal equipment, extortion software malicious behavior in the traditional PC and mobile terminals show obvious different characteristics: in the traditional PC side, mainly through the “encrypted data” to blackmail, that is, the user’s computer file encryption, stress users Purchase the decryption key; on the mobile side, mainly through the “encryption device” to blackmail, that is, remote lock the user mobile devices, so that users can not use the device, and to coerce users to pay the cost of unlocking. However, from the extortion of software transmission point of view, the traditional PC and mobile side show a common, mainly through e-mail, counterfeit normal application, QQ group, network disk, paste it, victims and other spread.

Three, 2017 worthy of attention to the hot spots

According to the analysis of the characteristics of China’s Internet security situation in 2016, CNCERT predicts that the hot spots that are worthy of attention in 2017 are as follows.

(A) cyberspace according to the law of governance more clear. On November 7, 2016, the Twenty-fourth Session of the Standing Committee of the 12th National People’s Congress passed the “Network Security Law” and came into effect on June 1, 2017. The Act has 7 chapters and 79 articles on cyberspace sovereignty, network products and service providers ‘security obligations, network operators’ safety obligations, personal information protection rules, critical information infrastructure security protection systems and important data cross-border transmission rules, etc. Has been clearly defined. It is expected that the departments will pay more attention to the propaganda and interpretation work of the “Network Security Law” in 2017, compile relevant supporting policies and regulations, implement various supporting measures, and make cyberspace according to law more clear.

(B) the use of Internet of things intelligent device network attacks will continue to increase. 2016 CNVD collection of intelligent networking equipment vulnerabilities 1117, mainly related to web cameras, intelligent routers, smart appliances, intelligent gateway and other equipment. The vulnerability type is mainly privilege to bypass, information disclosure, command execution, etc., which weak password (or built-in default password) vulnerability is easy to be used, the actual impact is very extensive, malicious code attack to use an important risk point. With the development of unmanned aerial vehicles, autopilot vehicles, the popularity of smart home appliances and the development of smart cities, the number of vulnerabilities in networked smart devices will increase significantly, and network attacks against or using intelligent networking devices will be more frequent.

(C) the Internet and the traditional industry integration caused by the security threat is more complex. With the deepening of China’s “Internet +” and “Made in China 2025” action plan, almost all traditional industries, traditional applications and services in China are being changed by the Internet, bringing innovation and development opportunities to various industries. In the process of integration innovation and development, the traditional industry closed mode gradually changed to open mode, but also the future of the Internet virtual network security events into real-world security threats. Internet finance, industrial Internet and other emerging industries rapid development, but triggered a new network security threats can not be ignored, the Internet financial integration of information flow and capital flow, the risk of information flow is likely to lead to loss of capital flow; industrial control system more For the intelligent, network, open Internet brings malicious sniffing behavior increased, the risk of malicious attacks continue to increase. Traditional Internet security and real-world security issues intertwined with the security threat is more complex, the consequences are more serious.

(D) personal information and important data protection will be more attention. In recent years, the development of Internet technology is extremely convenient and rich in our lives and work, online shopping, online job search, social platform, government services and other platforms are filled with a large number of personal detailed privacy information. Since 2011, China’s serious personal information on the leak of the event, especially in recent years, the case of network fraud, the victim’s details have been grasped by fraud, to social stability and serious harm. 2013 “Snowdon incident” and the follow-up of the US government has been a large-scale monitoring of the project, to stimulate countries to strengthen the protection of important data measures, strict norms of Internet data collection, use, storage and so on. China in the “Network Security Law” on the personal information protection rules, important data cross-border transmission has been clearly defined, is expected on personal information and important data protection of the detailed regulatory documents will be enacted, and effectively implement the protection measures.

(5) Network security threats Information sharing has attracted the attention of all parties. Timely comprehensive access to and analysis of network security threats, ahead of network security early warning and deployment of emergency response measures, fully embodies a national network security comprehensive defense capabilities. Through the network security threat information sharing, the use of collective knowledge and technical ability, is to achieve a comprehensive grasp of the network security threats an effective way. The United States as early as 1998 in the Clinton administration signed a presidential decree to encourage the government and enterprises to carry out network security information sharing, to the Obama administration is the network security information sharing is written into the government bill. In recent years, China attaches great importance to the work of network security information sharing, in the “Network Security Law” clearly put forward to promote the relevant departments, key information infrastructure operators and the relevant research institutions, network security services and other network security information sharing The However, in the face of complex and multi-dimensional data source information, how to carry out sharing and in-depth analysis efficiently, we need to establish a set of information security standards for network security threats based on large data analysis. At present, many organizations in our country have been engaged in the exploration and practice of information sharing of network security threats. The relevant national standards and industry standards have been formulated. CNCERT has also established a network security threat information sharing platform for sharing in the communication industry and security industry. jobs.

(6) the background of the network disputes will continue to heat up the degree of concern. At present, China’s Internet penetration rate has reached 53.2% 7, the public through the Internet to get the news more and more fast and convenient, people concerned about the global political hot spots are also rising. 2016 US presidential election “mail door” incident, the Russian hacker exposure of the World Anti-Doping Agency scandal, etc., allow netizens to feel organized, purposeful careful network attacks can have a serious impact on the politics of other countries, Will have a national background of the network disputes from the perspective of industry concerns extended to all Internet users. With a large number of countries continue to strengthen the network space military capacity building, there are national background of the network dispute event will be hot, the crisis frequently, the trend of popular discussion will continue to heat up.

(7) based on artificial intelligence network security technology research in full swing. In the third World Internet Conference, “World Internet leading technology results release activities” site, Microsoft, IBM, Google three major international technology giants show machine learning based on artificial intelligence technology, for us to describe a beautiful future of artificial intelligence. At present, the network attack events are endless, the means are complex, the purpose is complex, the shortage of network security personnel is difficult to cope with the rapid changes in the network security situation, and machine learning in the field of data analysis outstanding performance, artificial intelligence is considered in the network security will “Great as”. There are statistical agencies found that the 2016 “network security” and “artificial intelligence” co-appeared in the article the frequency of rapid rise, indicating that more and more discussions will be linked together with the two together. Based on the large data related to network security, artificial intelligence technology such as machine learning can make breakthrough progress in unknown threat discovery, network behavior analysis and network security warning.

Original Mandarin Chinese:

4月19日消息,國家計算機網絡應急技術處理協調中心(簡稱“國家互聯網應急中心”,英文簡稱“CNCERT”)發布《2016年我國互聯網網絡安全態勢綜述》,在對我國互聯網宏觀安全態勢監測的基礎上,結合網絡安全預警通報、應急處置工作實踐成果,著重分析和總結了2016年我國互聯網網絡安全狀況,並預測2017年網絡安全熱點問題。
一、2016年我國互聯網網絡安全監測數據分析
CNCERT持續對我國網絡安全宏觀狀況開展抽樣監測,2016年,移動互聯網惡意程序捕獲數量、網站後門攻擊數量以及安全漏洞收錄數量較2015年有所上升,而木馬和殭屍網絡感染數量、拒絕服務攻擊事件數量、網頁仿冒和網頁篡改頁面數量等均有所下降。
據抽樣監測,2016年約9.7萬個木馬和殭屍網絡控制服務器控制了我國境內1699萬餘台主機,控制服務器數量較2015年下降8.0%,境內感染主機數量較2015年下降了14.1%。 。其中,來自境外的約4.8萬個控制服務器控制了我國境內1499萬餘台主機,來自美國的控制服務器數量居首位,其次是中國香港和日本。
在監測發現的因感染惡意程序而形成的殭屍網絡中,規模在100台主機以上的殭屍網絡數量4896個,其中規模在10萬台以上的殭屍網絡數量52個。從我國境內感染木馬和殭屍網絡主機按地區分佈數量分析來看,排名前三位的分別是廣東省(占我國境內感染數量的13.4%)、江蘇省(佔9.2%)和山東省(佔8.3 %)。為有效控制木馬和殭屍網絡感染主機引發的危害,2016年,在工業和信息化部指導下,根據《木馬和殭屍網絡監測與處置機制》,CNCERT組織基礎電信企業、域名服務機構等成功關閉1011個控制規模較大的殭屍網絡。
2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近7年來持續保持高速增長趨勢。按其惡意行為進行分類,前三位分別是流氓行為類、惡意扣費類和資費消耗類1,佔比分別為61.1%、18.2%和13.6%。 CNCERT發現移動互聯網惡意程序下載鏈接近67萬條,較2015年增長近1.2倍,涉及的傳播源域名22萬餘個、IP地址3萬餘個,惡意程序傳播次數達1.24億次。
2016年,CNCERT重點對通過短信傳播,且具有竊取用戶短信和通信錄等惡意行為的“相冊”類2安卓惡意程序及具有惡意扣費、惡意傳播屬性的色情軟件進行監測,並開展協調處置工作。全年共發現此類惡意程序47316個,累計感染用戶超過101萬人,用於傳播惡意程序的域名6045個,用於接收用戶短信和通訊錄的惡意郵箱賬戶7645個,用於接收用戶短信的惡意手機號6616個,洩露用戶短信和通訊錄的郵件222萬封,嚴重危害用戶個人信息安全和財產安全。在工業和信息化部指導下,根據《移動互聯網惡意程序監測與處置機制》,CNCERT組織郵箱服務商、域名註冊商等積極開展協調處置工作,對發現的惡意郵箱賬號、惡意域名等進行關停處置。
二、2016年我國互聯網網絡安全狀況
近年來,隨著我國網絡安全法律法規、管理制度的不斷完善,我國在網絡安全技術實力、人才隊伍、國際合作等方面取得了明顯的成效。 2016年,我國互聯網網絡安全狀況總體平穩,網絡安全產業快速發展,網絡安全防護能力得到提升,網絡安全國際合作進一步加強。但隨著網絡空間戰略地
位的日益提升,世界主要國家紛紛建立網絡空間攻擊能力,國家級網絡衝突日益增多,我國網絡空間面臨的安全挑戰日益複雜。
域名系統安全狀況良好,防攻擊能力明顯上升。 2016年,我國域名服務系統安全狀況良好,無重大安全事件發生。據抽樣監測,2016年針對我國域名系統的流量規模達1Gpbs以上的DDoS攻擊事件日均約32起,均未對我國域名解析服務造成影響,在基礎電信企業側也未發生嚴重影響解析成功率的攻擊事件,主要與域名系統普遍加強安全防護措施,抗DDoS攻擊能力顯著提升相關。 2016年6月,發生針對全球根域名服務器及其鏡像的大規模DDoS攻擊,大部分根域名服務器受到不同程度的影響,位於我國的域名根鏡像服務器也在同時段遭受大規模網絡流量攻擊。因應急處置及時,且根區頂級域緩存過期時間往往超過1天,此次攻擊未對我國域名系統網絡安全造成影響。
針對工業控制系統的網絡安全攻擊日益增多,多起重要工控系統安全事件應引起重視。 2016年,全球發生的多起工控領域重大事件值得我國警醒。 3月,美國紐約鮑曼水壩的一個小型防洪控制系統遭攻擊;8月,卡巴斯基安全實驗室揭露了針對工控行業的“食屍鬼”網絡攻擊活動,該攻擊主要對中東和其他國家的工業企業發起定向網絡入侵;12月,烏克蘭電網再一次經歷了供電故障,據分析本次故障緣起惡意程序“黑暗勢力”的變種。
我國工控系統規模巨大,安全漏洞、惡意探測等均給我國工控系統帶來一定安全隱患。截至2016年年底,CNVD共收錄工控漏洞1036條,其中2016年收錄了173個,較2015年增長了38.4%。工控系統主要存在緩衝區溢出、缺乏訪問控制機制、弱口令、目錄遍歷等漏洞風險。通過對網絡流量分析發現,2016年度CNCERT累計監測到聯網工控設備指紋探測事件88萬餘次,並發現來自境外60個國家的1610個IP地址對我國聯網工控設備進行了指紋探測。
高級持續性威脅常態化,我國面臨的攻擊威脅尤為嚴重。截止到2016年底,國內企業發布高級持續性威脅(APT)研究報告共提及43個APT組織,其中針對我國境內目標發動攻擊的APT組織有36個4。從攻擊實現方式來看,更多APT攻擊採用工程化實現,即依托商業攻擊平台和互聯網黑色產業
鏈數據等成熟資源實現 APT攻擊。這類攻擊不僅降低了發起APT攻擊的技術和資源門檻,而且加大了受害方溯源分析的難度。 2016年,多起針對我國重要信息系統實施的APT攻擊事件被曝光,包括“白象行動5”、“蔓靈花攻擊行動”等,主要以我國教育、能源、軍事和科研領域為主要攻擊目標。 2016年8月,黑客組織“影子經紀人(Shadow Brokers)”公佈了方程式組織6經常使用的工具包,包含各種防火牆的漏洞利用代碼、黑客工具和腳本,涉及Juniper、飛塔、思科、天融信、華為等廠商產品。 CNCERT對公佈的11個產品漏洞(有4個疑似為0day漏洞)進行普查分析,發現全球有約12萬個IP地址承載了相關產品的網絡設備,其中我國境內IP地址有約3.3萬個,佔全部IP地址的27.8%,對我國網絡空間安全造成嚴重的潛在威脅。 2016年11月,黑客組織“影子經紀人”又公佈一組曾受美國國家安全局網絡攻擊與控制的IP地址和域名數據,中國是被攻擊最多的國家,涉及我國至少9所高校,12家能源、航空、電信等重要信息系統部門和2個政府部門信息中心。
大量聯網智能設備遭惡意程序攻擊形成殭屍網絡,被用於發起大流量DDoS攻擊。近年來,隨著智能可穿戴設備、智能家居、智能路由器等終端設備和網絡設備的迅速發展和普及利用,針對物聯網智能設備的網絡攻擊事件比例呈上升趨勢,攻擊者利用物聯網智能設備漏洞可獲取設備控制權限,或用於用戶信息數據竊取、網絡流量劫持等其他黑客地下產業交易,或用於被控制形成大規模殭屍網絡。 CNCERT對車聯網系統安全性進行在線監測分析,發現部分車聯網信息服務商及相關產品存在安全漏洞,可導致車輛、位置及車主信息洩露和車輛被遠程控制等安全風險。 2016年底,因美國東海岸大規模斷網事件和德國電信大量用戶訪問網絡異常事件,Mirai惡意程序受到廣泛關注。 Mirai是一款典型的利用物聯網智能設備漏洞進行入侵滲透以實現對設備控制的惡意代碼,被控設備數量積累到一定程度將形成一個龐大的“殭屍網絡”,稱為“Mirai殭屍網絡”。又因物聯網智能設備普遍是24小時在線,感染惡意程序後也不易被用戶察覺,形成了“穩定”的攻擊源。 CNCERT對Mirai殭屍網絡進行抽樣監測顯示,截至2016年年底,共發現2526台控制服務器控制了125.4萬餘台物聯網智能設備,對互聯網的穩定運行形成了嚴重的潛在安全威脅。此外,CNCERT還對Gafgyt殭屍網絡進行抽樣檢測分析,在2016年第四季度,共發現817台控制服務器控制了42.5萬台物聯網智能設備,累計發起超過1.8萬次的DDoS攻擊,其中峰值流量在5Gpbs以上的攻擊次數高達72次。
網站數據和個人信息洩露屢見不鮮,“衍生災害”嚴重。由於互聯網傳統邊界的消失,各種數據遍布終端、網絡、手機和雲上,加上互聯網黑色產業鏈的利益驅動,數據洩露威脅日益加劇。 2016年,國內外網站數據和個人信息洩露事件頻發,對政治、經濟、社會的影響逐步加深,甚至個人生命安全也受到侵犯。在國外,美國大選候選人希拉里的郵件洩露,直接影響到美國大選的進程;雅虎兩次賬戶信息洩露涉及約15億的個人賬戶,致使美國電信運營商威瑞森48億美元收購雅虎計劃擱置甚至可能取消。在國內,我國免疫規劃系統網絡被惡意入侵,20萬兒童信息被竊取並在網上公開售賣;信息洩露導致精準詐騙案件頻發,高考考生信息洩露間接奪去即將步入大學的女學生徐玉玉的生命;2016年公安機關共偵破侵犯個人信息案件1800餘起,查獲各類公民個人信息300億餘條。此外,據新聞媒體報導,俄羅斯、墨西哥、土耳其、菲律賓、敘利亞、肯尼亞等多個國家政府的網站數據發生了洩漏。
移動互聯網惡意程序趨利性更加明確,移動互聯網黑色產業鏈已經成熟。 2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近6年來持續保持高速增長趨勢。通過惡意程序行為分析發現,以誘騙欺詐、惡意扣費、鎖屏勒索等攫取經濟利益為目的的應用程序驟增,佔惡意程序總數的59.6%,較2015年增長了近三倍。從惡意程序傳播途徑發現,誘騙欺詐行為的惡意程序主要通過短信、廣告和網盤等特定傳播渠道進行傳播,感染用戶數達到2493萬人,造成重大經濟損失。從惡意程序的攻擊模式發現,通過短信方式傳播竊取短信驗證碼的惡意程序數量佔比較大,全年獲得相關樣本10845個,表現出製作簡單、攻擊模式固定、暴利等特點,移動互聯網黑色產業鏈已經成熟。
敲詐勒索軟件肆虐,嚴重威脅本地數據和智能設備安全。根據CNCERT監測發現,2016年在傳統PC端,捕獲敲詐勒索類惡意程序樣本約1.9萬個,數量創近年來新高。對敲詐勒索軟件攻擊對象分析發現,勒索軟件已逐漸由針對個人終端設備延伸至企業用戶,特別是針對高價值目標的勒索情況嚴
重。針對企業用戶方面,勒索軟件利用安全漏洞發起攻擊,對企業數據庫進行加密勒索,2016年底開源MongoDB數據庫遭一輪勒索軟件攻擊,大量的用戶受到影響。針對個人終端設備方面,敲詐勒索軟件惡意行為在傳統PC端和移動端表現出明顯的不同特點:在傳統PC端,主要通過“加密數據”進行勒索,即對用戶電腦中的文件加密,脅迫用戶購買解密密鑰;在移動端,主要通過“加密設備”進行勒索,即遠程鎖住用戶移動設備,使用戶無法正常使用設備,並以此脅迫用戶支付解鎖費用。但從敲詐勒索軟件傳播方式來看,傳統PC端和移動端表現出共性,主要是通過郵件、仿冒正常應用、QQ群、網盤、貼吧、受害者等傳播。
三、2017年值得關注的熱點
根據對2016年我國互聯網網絡安全形勢特點的分析,CNCERT預測2017年值得關注的熱點方向主要如下。
(一)網絡空間依法治理脈絡更為清晰。 2016年11月7日第十二屆全國人大常委會第二十四次會議表決通過《網絡安全法》,並將於2017年6月1日起施行。該法有7章79條,對網絡空間主權、網絡產品和服務提供者的安全義務、網絡運營者的安全義務、個人信息保護規則、關鍵信息基礎設施安全保護製度和重要數據跨境傳輸規則等進行了明確規定。預計2017年各部門將更加重視《網絡安全法》的宣傳和解讀工作,編制出台相關配套政策法規,落實各項配套措施,網絡空間依法治理脈絡將更為清晰。
(二)利用物聯網智能設備的網絡攻擊事件將繼續增多。 2016年CNVD收錄物聯網智能設備漏洞1117個,

(三)互聯網與傳統產業融合引發的安全威脅更為複雜。隨著我國“互聯網+”、“中國製造2025”行動計劃的深入推進,我國幾乎所有的傳統行業、傳統應用與服務都在被互聯網改變,給各個行業帶來了創新和發展機會。在融合創新發展的過程中,傳統產業封閉的模式逐漸轉變為開放模式,也將以往互聯網上虛擬的網絡安全事件轉變為現實世界安全威脅。互聯網金融、工業互聯網等融合的新興行業快速發展,但引發的新的網絡安全威脅也不容忽略,互聯網金融整合了信息流和資金流,信息流的風險很可能引發資金流損失;工業控制系統更為智能化、網絡化,開放互聯帶來的惡意嗅探行為增多,被惡意攻擊的風險不斷加大。傳統互聯網安全與現實世界安全問題相交織引發的安全威脅更為複雜,產生的後果也更為嚴重。
(四)個人信息和重要數據保護將更受重視。近年來,互聯網技術的發展極大的方便和豐富了我們的生活和工作,網上購物、網上求職、社交平台、政府服務等平台上充斥著大量的個人詳細隱私信息。自2011年以來我國關於嚴重個人信息洩露的事件不絕於耳,特別是近年來的網絡詐騙案件中,受害人的詳細信息都被詐騙分子所掌握,給社會安定帶來嚴重危害。 2013年 “斯諾登事件”及後續相繼爆出的美國政府大範圍監聽項目,刺激著各國加強重要數據的保護措施,嚴格規範互聯網數據的收集、使用、存儲等。我國在《網絡安全法》中對個人信息保護規則、重要數據跨境傳輸進行了明確規定,預計關於個人信息和重要數據信息保護的詳細規範性文件將製定出台,切實落實保護措施。
(五)網絡安全威脅信息共享工作備受各方關注。及時全面獲取和分析網絡安全威脅,提前做好網絡安全預警和部署應急響應措施,充分體現了一個國家網絡安全綜合防禦能力。通過網絡安全威脅信息共享,利用集體的知識和技術能力,是實現全面掌握網絡安全威脅情況的有效途徑。美國早在1998年的克林頓政府時期就簽署了總統令,鼓勵政府與企業開展網絡安全信息共享,到奧巴馬政府時期更是將網絡安全信息共享寫入了政府法案。近年來,我國高度重視網絡安全信息共享工作,在《網絡安全法》中明確提出了促進有關部門、關鍵信息基礎設施的運營者以及有關研究機構、網絡安全服務機構等之間的網絡安全信息共享。但面對紛繁複雜的、多維度的數據源信息,如何高效地開展共享和深入分析,需建立一套基於大數據分析的網絡安全威脅信息共享標準。目前,我國很多機構已經在開展網絡安全威脅信息共享的探索與實踐,相關國家標準和行業標準已在製定中,CNCERT也建立了網絡安全威脅信息共享平台,在通信行業和安全行業內進行相關共享工作。
(六)有國家背景的網絡爭端受關注度將繼續升溫。目前,我國互聯網普及率已經達到53.2%7,民眾通過互聯網獲得的新聞資訊越來越快捷方便,民眾關注全球政治熱點的熱度也不斷高漲。 2016年美國總統大選“郵件門”事件、俄羅斯黑客曝光世界反興奮劑機構醜聞事件等,都讓網民真切感受到有組織、有目的的一場縝密的網絡攻擊可以對他國政治產生嚴重的影響,將有國家背景的網絡爭端從行業領域關注視角延伸到了全體網民。隨著大量的國家不斷強化網絡空間軍事能力建設,有國家背景的網絡爭端事件將會熱點不斷、危機頻出,全民討論的趨勢將會持續升溫。
(七)基於人工智能的網絡安全技術研究全面鋪開。在第三屆世界互聯網大會“世界互聯網領先科技成果發布活動”現場,微軟、IBM、谷歌三大國際科技巨頭展示了基於機器學習的人工智能技術,為我們描繪了人工智能美好的未來。目前,網絡攻擊事件層出不窮、手段多樣、目的複雜,較為短缺的網絡安全人才難以應對變化過快的網絡安全形勢,而機器學習在數據分析領域的出色表現,人工智能被認為在網絡安全方面將會“大有作為”。有研究機構8統計發現,2016年“網絡安全”與“人工智能”兩詞共同出現在文章中的頻率快速上升,表明越來越多的討論將二者聯繫在一起共同關注。以網絡安全相關的大數據為基礎,利用機器學習等人工智能技術,能夠在未知威脅發現、網絡行為分析、網絡安全預警等方面取得突破性進展。

中國的網絡空間治理或衝突的困境選擇 – China’s Dilemma Choice of Cyberspace Governance or Conflict

中國的網絡空間治理或衝突的困境選擇 –

China’s Dilemma Choice of Cyberspace Governance or Conflict

Introduction
The problem of cyberspace security governance is attracting more and more attention from the international community. Among them, the problem of cyberspace conflict management is more and more concerned. Compared with the physical space conflict, the cyber space conflict has the characteristics of diversification of the actors, rapid updating of the attack means and unpredictability of the conflict. This leads to the reality that the cyberspace conflict management is faced with serious challenges such as serious cognitive differences, difficult to effectively govern, deterrence and “structural problems”. Therefore, the network space conflict governance needs to change the governance concept, through the pragmatic cooperation between countries, the integration of all the advantages of resources, to build a global network of governance mechanisms, and cultivate cooperation and sharing of governance culture. As a global network of countries, China has been actively advocating the establishment of multilateral, democratic and transparent global governance system. At the same time, China will make a positive contribution to the construction of international rules of cyberspace and the global network governance mechanism in the areas of innovation governance, bridging the digital divide, carrying out bilateral and multilateral international cooperation.
text
With the extensive application and rapid development of network information technology in the world, the relationship between network and national security is becoming more and more closely. Among the security issues, the most interesting is cyberspace conflict. Cyberspace is called “next battlespace” by military strategists and futurists. The primary objective of governments in cyberspace is to ensure that their core interests are not compromised and that nationals are protected from cyber attacks. But the reality is that the vast majority of cyber attacks are not directly initiated and implemented by the government, but are operated directly by non-state actors. Moreover, the cost of launching a network attack is low, action is hidden, and can cause serious consequences. This also causes cyberspace to burst out of clashes or even cyber warfare (cyber warfare). Once the cyberspace conflict or war, its size and scope of influence will be difficult to estimate. Cyber ​​space conflicts can also lead to direct hostility and conflict among nations in the real world. In addition, due to the lack of necessary international legal jurisdiction and norms, cyber conflict management is also facing serious challenges. Effective control of the intensity of cyberspace conflict, the development of cyberspace national code of conduct, will be the international community to explore new issues of cyber conflict.

First, the changes and challenges of

cyberspace conflict Network space conflict from the behavior of the network threat to the perception and the resulting response. Network threats can be broadly divided into two categories: one is called cyber attacks, is deliberately destroying the behavior of the network system; the other is called cyber exploitation (cyber exploitation), that is, the use of network infrastructure to achieve illegal purposes, but Will not harm the network system itself. [1] The target of cyber attacks is aimed at national and non-state actors, including sovereign states, organizations and individuals, which can disrupt both hardware and software and other aspects of the computer, or by improperly invasive computer operating systems Information or implement remote control. Network attacks can cause network conflicts, and network conflicts can be upgraded to cyber warfare. A cyber war generally refers to the destruction and disruption of a nation or nation that infiltrates another country’s computer or network. [2] cyber war can seriously endanger the country’s political, economic and social security and stability, is the highest form of network conflict. <A I = 3> Network information technology has the immediacy, convenience, cheap nature, so that conflict and war becomes easy to operate and implement. Network information technology to the traditional conflict and war has undergone a subversive change. As long as there is a network of computers, a few people can implement a network attack, launched a small-scale war without smoke. Network space weapons development costs are very low, as long as there are one or two computers, and can achieve network connectivity, and then equipped with several high-level hackers, is enough to create a very lethal network weapons. [3] Therefore, the impact of the Internet on national security will be comprehensive, thorough and unprecedented. Network information technology from the continuous innovation and development of communication technology. The emergence and continuous updating of instant messaging technology has enhanced the efficiency of political decision-making on the battlefield. Network information technology for the innovation of weapons technology has an important role in promoting, especially in the era of nuclear weapons, computer technology to make nuclear weapons more accurate, reliable and high speed. During the Cold War, the United States and the Soviet Union attached great importance to the development of information processing technology. With the comprehensive development of computer technology, the United States first proposed the “information warfare doctrine” (information warfare doctrine), that is, the use of information technology, tactics and means beyond the opponent. Western scholars said that the current international society is no greater risk of weapons of mass destruction, but large-scale destructive weapons (weapons of mass disruption). [4] In the technical breakthrough, cyber space conflict and war more profound changes reflected in the behavior of the main, means of attack and the consequences of conflict and so on. (I) Increasing diversity of actors The cyberspace provides a broader platform for non-State actors to move beyond the limits of territory and sovereignty and to play a greater role in reality and in the virtual world. Traditional conflicts and wars occur between different groups, generally monopolized by powerful states, and individual individuals are difficult to attack groups. Network information technology has greatly enlarged the power of relatively weak behavior. With the help of a network information platform, small countries can challenge the hegemonic countries, small groups can attack the powerful sovereign states, individuals can also attack the group. The United States has always regarded North Korea as a threat in cyberspace. According to the US Fox News Network reported that the beginning of 2010, the report shows that North Korea has trained thousands of top computer students to become excellent “cyber warrior” (cyber Warrior), whose operational targets are locked for the United States and South Korea. [⑤] In recent years, terrorism has also gained the “new life” with the help of network carrier and information tools. Al Qaeda uses Internet technology to promote its extreme ideas, and use the network platform to implement member recruitment, online training, fund raising, remote command and other activities. It can be said that the cyber space of the hidden and open features to increase the international community to prevent and combat the difficulty of terrorism. [⑥] In 2008, a 14-year-old boy in Poland, through the invasion and control of the Lodz tram system, caused confusion, resulting in four trams derailed, 12 people were injured, the accident did not cause death. [⑦] for the increasingly diverse network attackers, the US Strategic Command Command Kevin Hilton (Gen. Kevin P. Chilton) vividly believes that “our enemy range, including not only the boring young hackers, but also criminal organizations, but also related to national actors.” [ 2] Attack means to constantly update the original intention of the development of the Internet is to facilitate the effective flow of information to achieve resource sharing, interoperability. Open environment will often bring more risks and challenges to security, cyberspace and thus appeared in the “offensive and defensive imbalance” problem. This structural imbalance triggers cyber malicious attacks, thereby reducing confidence in deterrence and effective defense. [⑨] static defense in cyberspace (static defenses), that is, passive defense, refers to the most powerful hackers as a new challenge or to be resolved. [⑩] Skilled cyber attackers can easily find network vulnerabilities and successfully bypass security defense software. Compared with the traditional conflict, cyber space in the attackers in a shelter, and specifically attack the target of the weak links. In the “offensive side of the defensive side” in the context of the network of offensive weapons has become very common. The general network of offensive weapons, including computer viruses, malware, logic bombs (logic bombs, denial of service (denial of service) and so on. Low-end network weapons, the goal is simply to steal information, access to passwords, modify the program, generally do not produce significant harm. By contrast, high-end network weapons can cause data or critical facilities to be interrupted or severely damaged. A series of cyber attacks can evolve into major emergencies, breaking critical services over a period of time, including disrupting military command or information systems, shutting down power supply or oil pipelines, and stopping financial services. In 2008, the US Department of Defense to store encrypted military information on the computer network had infected with malicious code. Malicious code diffuses to encrypted and unencrypted file systems without being perceived. Although it was found in time, but the US military is very scared that such an event may make its military confidential documents are uploaded to foreign intelligence agencies, and even unknown hostile forces, the consequences will be disastrous. [11] Complex high-end malicious code has a strong self-camouflage ability, it is difficult to be found, often has been caused after serious injury will be found. In 2010, Iran’s nuclear facilities were attacked by “Stuxnet” (Stuxnet), making Iran’s Natanz uranium enrichment plant 1 More than 1,000 IR-1 centrifuges have to be replaced due to abnormal operation and damage. The fact that the “shock virus” attack target is very accurate or single, that is, the German Siemens control system (SIMATIC WinCC). This is a data acquisition and monitoring (SCADA) system, widely used by Iran in the defense of basic industrial facilities. “Seismic virus” in the invasion of a computer, it will automatically find the Siemens software to confirm the software found, the virus will be unaware of the state control of industrial computer systems, and control the computer software to other factories on the computer Issue a given order. Network security experts believe that the “earthquake network virus” is the first physical world infrastructure for the target “precision guidance” worm. [12] As the first disclosure of “shock virus” German well-known network security experts, Ralph Langner (Ralph Langner) through systematic analysis, that “shock network virus” structure than imagined even more complex , Including two different “digital warhead” (digital warhead), respectively, for different offensive targets, uranium enrichment facilities and Bushehr nuclear power plant external turbine. He believes that the power of the second warhead is equivalent to the Bushehr nuclear power plant for a precise air strike. [13] US information security expert Kevin Clayman (Kevin Coleman) 2010 in the United States National Defense Science and Technology published an article that the number of network attacks will be a sharp upgrade. To support this assertion, he mentioned that the number of malware in 2009 reached the highest level in the past 20 years, with multiple reports showing that more than 25 million malware was confirmed, and that growth would continue. [14] Through the above examples, it is easy to see the cyber space in the offensive weapon technology content is high and has a strong pertinence. Such weapons are more subtle, more precise, more offensive and destructive than conventional weapons. At the same time, network offensive weapons can not be reused, must be constantly upgrading. Matin Libici, a digital warfare expert at the famous American think tank, argues that it is no longer a weapon once someone knows how the cyber warfare works. The best weapon is the enemy does not know, but they already have. [15] (c) the consequences of conflict unpredictable <a I = 11> opponents in traditional conflicts are clearly visible, and the results of the conflict are predictable. In the conflict of cyberspace, once the offensive weapon is in power, the damage scale and influence caused by it are constantly copied and disseminated, and it is difficult to get effective control as the traditional conflict. More seriously, cyber attacks can bring serious panic to society, which is more serious than traditional wars. All kinds of infrastructure in modern society are controlled by computer and Internet systems. Once the network attacks are affected by water, electricity and financial control systems, the losses will be immeasurable and may even cause serious social unrest. American scholars envisioned the serious consequences of cyber attacks: no air control system or airport security system, no electronic control of rail traffic, no reliance on electronic computer day and night delivery of parcels or e-mails, no employer through payment software to pay workers wages Check, no electronic withdrawal record, no automatic teller machine, hospital or health center No reliable digital record, no electricity leads no light, no heat, no refueling system or fuel, petrol, no traffic lights, no phone, no internet service , There is no police effective security management, this series of problems will make the American society into a short-term paralysis. [16] According to the CIA revealed that the number of cyber attacks against the US public utility network in 2007 showed that the person in charge of the power company was even reluctant to talk about the risk of these events because of fear of serious social panic. In addition, the openness of cyberspace makes the network attacks happen and its scope of influence will be diffuse. In April 2013, hackers stole the Associated Press’s Twitter account and posted a false message that US President Barack Obama was injured in an explosion at the White House. A few minutes later, the Associated Press official used another Twitter account before the account was stolen. White House spokesman also clarified by President Obama did not hurt the radio. But many people have seen the news of the stolen Twitter account, the event led to the Dow Jones Industrial Average and S & P500 index both fell, after the two trading index and rapid rebound. Alert alleged that the Twitter account has 2 million audiences, the release of instant messaging is very influential. [17] The incident also sounded the alarm to the US government, with a simple account stolen event is likely to trigger a financial panic, which seriously disrupt the social order. The above new features of cyber conflict governance have had serious consequences. The diversity of the behavior makes it difficult to change the concept in a short time to overcome the differences and differences of cognition. The continuous innovation of the network attack means makes the international legal system and deterrence difficult to play the role. The unpredictable consequence is aggravating the inter- Mutual suspicion. These factors will seriously hinder the formation of cyberspace conflict management mechanism and play a role. Second, the network space conflict governance mechanism of the plight of cyberspace conflict and the traditional sense of the international conflict is very different. The main actors in the current global governance mechanism are sovereign states, who propose a series of rules and regulations on the basis of understanding and understanding of traditional armed conflicts. But in cyberspace, the effective regulation of the behavior of non-State actors is a matter of law and morality. And “structural dilemma” and other practical problems also exacerbated the difficulty of cyber conflict. (A) cognitive differences hinder effective governance At present, countries on the core concept of network security understanding of the network security events and their attribution (attribution) and identified there are deep differences. For example, the United States, Britain, Japan, Germany, France and the European Union have developed a network security strategy, through comparison can be found, the parties to “cyberspace”, “network security”, “network war” and other core concepts defined difference. [18] In cyberspace, how to determine that some of the acts have violated the basic norms of international law and can be used to combat Can individuals and organizations become the target of a national network attack? How do you define the national sovereignty of cyberspace? For these questions, the current international legal system has no ready answers. The United Nations, as a broadly representative international organization for the maintenance of international peace and security, has its own limitations, highlighting the development of the Charter of the United Nations much earlier than the arrival of the cyber-information age and therefore does not take into account the issue of cyber attacks. It is difficult to define cyber attacks as the use of force in accordance with prevailing norms of international law. During the three weeks before the 2008 Russian-Russian war, Unknown Acts used a commercial IP address to launch a decentralized denial service in several countries to attack the Georgian president’s website. The outside world believes that the relevant malware (named MachBo) was written in Russia and used by Russian hackers, although there is no definite proof that the Russian government has planned and implemented cyber attacks. Another dilemma faced by current international legal norms is the blurring boundary between cybercrime and cyber warfare. Realistic disagreement is manifested in the fact that the attacked state considers cybercrime to be a cybercrime and encourages implementation or support in the back of the country that cyber attacks are a cyber warfare for the maintenance of national interests. It can be seen that the lack of unified cognitive standards and operational guidelines make cyberspace conflict management difficult to carry out. In general, cyberspace behavior can be divided into three categories, one is legal (recognized is legal); the second is crime (illegal, the current legal norms that it is a crime); three is not legal (by the state and Non-state actors are found to be malicious, but the existing legal framework is not clearly defined). To be sure, cyber attacks should first fall within the jurisdiction of domestic law. If the attacker violates domestic law, the government of the host country is bound to enforce the jurisdiction. If the attacker attacked the target of another country, and the relationship between the target country and the host country is not friendly, there is a realistic problem. Especially for intelligence gathering, disruption of communications, or network behavior such as issuing erroneous directives to the enemy, it is easy for the implementer to be deemed to be a cyber attack because of being favored by the host country, So that it will not be punished. [19] (b) difficult to effectively govern international legal norms <a There are indeed many problems with the current international legal system and governance mechanisms. First, the existence of existing rules on armed conflict applied to cyberspace issues; second, the existing international rules can be applied to cyberspace governance, the majority of international rules focus on inter-State conflict, and cyberspace in the unconventional conflict But the more and more; third, the lack of legal experts; Fourth, the current rules focus on how to limit the network war, but the physical and collateral damage and other potential issues less concerned. [20] These problems make the existing international legal system not only effective control of cybercrime behavior, nor can it provide legal protection for civilian infrastructure and ordinary civilians. The Law of War and Armed Conflict (“the Law of Armed Conflict”) originated in the mid-19th century and is a humanitarian norm that regulates violence and conflict. The law of armed conflict applies exclusively to the conflict between the regular forces of the state. Countries in 1864 on the “Geneva Convention” to reach a consensus in 1868 in St. Petersburg officially signed. But the law of armed conflict, the Charter of the United Nations in the legal control of the war and wartime war behavior constraints are not applicable to cyberspace. And the existing legal norms do not clearly define the “war behavior” (war of act) concept. In general, war refers to the legal consequences of the use of force between States. The law of armed conflict is based on the use of force and aggression. In cyberspace, there is a great deal of controversy over whether cyber attacks are equal to the use of force and should be governed by the law of armed conflict. On the one hand, although not explicitly defined, it is generally believed that cyber attacks are hostile in cyberspace using network and information technology to achieve a certain purpose or effect; on the other hand, whether a cyber attack can be called For the conflict or war, still need the international community generally recognized. [21] There are gaps in the existing international legal norms for the control network space conflict. Within the existing international legal framework, the international legal norms governing conflict are the law of armed conflict, whose main legal sources are international treaties and international customs. It is the sum of binding principles, rules and regulations, and systems that adjust the relations between the warring parties and the warring parties and the neutral States in war and armed conflict. [twenty two] The subject of the law of armed conflict rests with the State and does not involve the question of the exercise of jurisdiction over individuals and international organizations. In addition, in the network attack, how to effectively distinguish between military and non-military objectives is also a real challenge. In the field of traditional warfare, military and non-military objectives are clearly defined, just as green tanks carry soldiers, and yellow cars carry students. But in the absence of clear boundaries in the cyberspace, the boundaries of the two are vague. The blurring of boundaries will lead to bias and shift of offensive targets, such as the blow to a country’s military facilities likely to shift to civilian infrastructure targets. In the network war, for the commander, it is difficult to distinguish which networks have military strategic objectives, which goals are civil. The more difficult problem is that it is difficult to determine the attacker’s long-range attack. Even if it is possible to determine the presence of the attacker and the attack itself, it is difficult to determine the identity of the attacker. Cyber ​​space conflict also exists on the application of the right of self-defense in traditional war. If a cyber attack against a country has occurred, the State under attack has the right to self-defense in accordance with the provisions of the Charter of the United Nations. But how to determine the implementation of the main body to determine whether the attack on the country’s attack, to define the extent of the attack, there is no uniform standard. Although the existing international legal system clearly stipulates that conventional wars can not use weapons of mass destruction, they are almost equivalent to the use of weapons of mass destruction if they are likely to be devastated by malicious code and malware. If this assumption is true, it will pose a serious challenge to the above principles. And if the network army in the public website embedded malicious code, and the infection code of the non-military system than the military system, which should be considered a violation of the principle of abuse of weapons. Whether there is a “network of weapons of mass destruction” in cyberspace, and the international community has not reached a consensus on the use and co-operation of these weapons that can cause serious consequences. In addition, the development of network information technology in the 21st century makes the soldiers separated from their war behavior. The closer the separation of the acts of war, the harder it is to preserve the humanitarian spirit implicit in the law of armed conflict. At the same time, the openness of cyberspace makes the public and private, government and private network mutual penetration, overlap each other. This will result in a joint attack on the consequences of a network attack and may cause physical damage and injury. (C) the network deterrence lost utility <a I = 25> cyberspace The international legal system is not yet sound is an existing fact, then can the cyber deterrence strategy be effectively implemented and achieve the intended purpose? The deterrence strategy emphasizes the strength and the will of the contest. Deterance refers to the strength of one party is strong enough to make its opponents can not attack, otherwise it will pay a significant price. The prerequisite for deterrence is the possibility and credibility: the possibility that one party has the absolute ability to launch retaliation and counterattack, credible means that at the crucial moment one party decides to impose the necessary blow to its opponent. To achieve the purpose of affecting the opponent’s decision-making, you need to let the opponent clearly understand and perceive the deterrent implementation of the absolute strength and revenge. In reality, there are serious limitations in the use of deterrence strategies in cyberspace: first, deterrence theory is generally applied between two powerful opponents, the deterrent can be effective to assume that the other is rational, can not bear the cost of attack. But in cyberspace, there may be a serious asymmetry between the attacking entity and the attacked object, and even if effective retaliation is implemented, the purpose of deterrence can not be achieved. Second, the asymmetry of retaliatory means would disrupt the existing international rules. If the network attacker only launched a general decentralized denial of attack, only led to the attacking country network system paralysis, if the attacking countries using conventional military and nuclear forces to fight back, will cause a lot of economic losses and casualties, which will Deviation from the “principle of proportionality” in international law, the return action will be the loss of legal legitimacy. Finally, cyber attacks are instantaneous, one-off, successful, or failing only in the twinkling of an eye. Successful attacks can cause harm, and the victim is retaliated after being attacked, and deterrence will be completely lost because the injury has arisen. In a cyber environment, a party that initiates a cyber attack usually attacks an attack through a “zombie computer” (a computer that has been hijacked after it invades), which adds significant difficulty to the attacker’s determination of the attacker. In addition, the process of determining the identity of the attacker takes a long time, after the confirmation is correct, the loss has been generated and irreversible. Re-implementation of such retaliation under such conditions would challenge the “self-defense principle” under international law, since Article 51 of the Charter of the United Nations clearly stipulates that “self-defense” is prerequisite for action against force. The more challenging issue is that if the attackers are identified as being an organization or an individual, the various norms of international law will not work. Former deputy secretary of the United States Department of Defense William Lynn Lynn) also mentioned the difficulty of the network deterrent, “deterrence credible prerequisite for the identity of the adversaries to confirm no doubt, but in the cyberspace almost no such case.” [23] (d) “structural problems” threat to international cooperation and the real world, cyberspace is also in anarchy. In this state, there is no absolute authority, so the relationship between the cyberspace state is facing a “structural problem.” This is highlighted as two aspects: First, the network developed countries and emerging network power between the competitive relationship, which is reflected in the network security issues on the two camps, “different voices.” The first camp is the United States led the Western countries group, they have introduced the corresponding national network security strategy, and put forward the values ​​of Western countries to reflect the cooperation and governance philosophy. In March 2014, the United States stated that it had strengthened bilateral and multilateral coordination and cooperation with the EU in matters related to the Internet. The United States made it clear that US-European cooperation is based on shared values, common interests, multi-stake governance concepts, cyber freedom and the protection of cyberspace human rights. [24] Early 2015, the United States and the United Kingdom expressed the need to protect key infrastructure, strengthen network defense, support network academic research and other aspects of pragmatic cooperation. [25] In June the same year, the United States and Japan to enhance network deterrence and strengthen information and intelligence sharing agreement. [26] It is not difficult to find that the first camp headed by the United States places more emphasis on the values ​​of freedom and democracy in cyberspace and strengthens its own network deterrent. The second camp is China, Russia and other emerging countries group. “Prism door incident” occurred, China and Russia and other countries are very concerned about maintaining the network of national sovereignty, called on the international community to pay attention to the United States to cyberspace open, free in the name of the actual violation of the sovereignty of other countries. At the BRICS National Summit in Brazil in 2014, Russia proposed strengthening the BRIC network security cooperation. [27] Russia and China as the representative of the BRIC countries that “WikiLeaks” and “prism door incident” shows that the United States and other Western countries in the network security issues on the implementation of double standards: on the one hand advocate the so-called absolute freedom of cyberspace, On the other hand use the network to steal other countries information. One of the two camps advocated “network freedom first”, the other side advocated “network sovereignty first”, the two sides views obvious and difficult to eliminate. <A I = 32> Second is the inequality between developed and developing countries. Developed countries because of the advantages of early development, has been in the network information technology has the initiative; and the majority of developing countries due to historical, economic development and technical conditions and other factors, network information technology has long been lagging behind. According to the statistics of the International Telecommunication Union and other relevant agencies, the number of online online users has reached 2.3 billion by 2011, the Internet penetration rate in developing countries is about 25%, the penetration of the Internet in developed countries is 70%, and the per capita Internet users in Europe Bandwidth is equivalent to 25 times the bandwidth of Africa’s per capita. [28] Inequality in status will allow the vast majority of developing countries to remain marginal and passive. Although the United States and other Western countries put forward on the network security issues to the vast number of developing countries to provide the necessary assistance, but because they are in the implementation of assistance along with the concept of Western values, in fact, the majority of developing countries, “value output.” The majority of developing countries are very worried about the United States and other Western countries to form a network security technology level of “dependency”, the network space conflict governance North-South cooperation is also difficult to achieve. Third, the network space conflict mechanism of governance mechanism to explore the war has entered the information age, the existing international law should be necessary to improve and upgrade. The diversity of actors, the escalating offensive technology, and the uncertainty of the consequences call global governance of cyberspace conflicts. People are aware that cybercrime, cybercriminals, and cyber-terrorism have become global problems that can not be solved by the power of individual countries alone. Thus, the issue of cybersecurity is not just the domestic security of individual countries, but it is necessary to carry out long-term, extensive and in-depth international cooperation. At the same time, the existing international legal norms need to be updated and perfected. In the case of international legal norms governing the international conflict, prevention and control of cyberspace conflicts should be increased. At the same time, cyberspace cooperation requires the cultivation of peace and cooperation, development and win-win governance philosophy. Only the concept of governance enjoys popular support, international cyberspace conflict governance action will be concerned about, but also in the international community is widely recognized. (A) the transformation of global governance awareness Although there are Estonia, the Georgia network attack and “earthquake network virus” on Iran’s nuclear facilities caused serious damage and other typical cases, but so far there has been no large-scale inter-country network conflict. Nevertheless, people are still highly concerned about the cyberspace conflict, the urgent need to change the corresponding sense of governance. <A First, the most important subject involved in the management of cyberspace conflict is still the sovereign state. Although the role of individuals and groups is magnified by cyberspace, their power is still limited. Individuals and groups lead to large-scale network conflict and even the possibility of war is still minimal. Therefore, the focus on the network conflict should still be the country. Only countries in accordance with the law to effectively manage and regulate their own and their domestic organizations, individual behavior, cooperation between countries can play a role. Second, to coordinate and integrate the power and resources. Need to pay special attention to is that cyberspace itself beyond the borders, can not fully rely on government and national power. The United States and Europe and other Western countries in the network defense is the most worth learning experience is the full integration of civil resources, to achieve effective interaction between the official and civil. Should be aware of non-state actors in the field of cybersecurity in the important role, rather than national actors also hope to cooperate with the government to reduce network risk. [29] In 2010, the National Security Agency (NSA) in the Google company suffered high persistence attacks (Advanced Persistent Threat, APT), to provide information and technical assistance. [30] The basic elements of cyberspace are individuals and social groups, only to stimulate the vitality of individuals and social organizations, to enhance their network security and cooperation awareness, cyberspace will be more secure. In the government’s active promotion, the integration of technical personnel, experts and scholars, social groups, enterprises, government and other resources in order to effectively eliminate all kinds of cyberspace threats. In some cases, the need to deal with cyberspace problems also need to find answers in the network. In reality, the use of “white off” is an important strategic choice. In January 2014, the Russian Federation Committee proposed the use of “white off” (no criminal criminal record, can find a system of loopholes and experienced network of experts) services to deal with complex and volatile network attacks. [31] US network security software vendor experts also stressed that should be concerned about the “white” group, can not let it be tempted by the dark forces or even use. [32] Third, the implementation of hierarchical management of network behavior. The biggest challenge facing the international community is that countries can not agree on many cyberspace governance issues. From the point of view of harm, low to high behavior includes cyber vandalism, cyber espionage and cybercrime, denial of service, cyber attacks and large-scale cyber attacks. The first three categories already exist, and network attacks and large-scale network attacks have not yet occurred, although it is the most concern, but also the most likely to lead to network conflict behavior. Because cyber attacks and large-scale cyber attacks are targeted at key infrastructure, it can lead to serious social unrest in the attacked countries. Thus, such acts are almost intolerable and can cause reprisals by the injured State. For the first three categories of relatively light sabotage, the parties can be resolved through consultation and cooperation; for possible serious consequences of network attacks and large-scale attacks, countries should be through consultation to achieve a clear ban on such acts of cyberspace international code of conduct The (B) to cultivate the concept of cooperation in cyberspace “attack side overwhelming” reality makes cyberspace deterrence difficult to achieve, which will encourage the network intruder from another direction, eventually leading to network arms race. On the surface, the attack can bring some benefits and produce a sense of security, but the consequences will be cyberspace behavior between the competition, mutual hostility. Therefore, in the Internet, open network space is impossible to obtain absolute security. <A I = 42> On the contrary, if the defensive side is dominant, the behavior is more inclined to cooperate. Any threatened intrusion is carried out on the basis of successful defensive measures. Therefore, to enhance the defense capacity in order to obtain positive and lasting security. This requires the establishment of two types of mechanisms: one is the early warning mechanism, so that the attacked countries can early detection and take the necessary preventive measures. From the “network virus” attacks can be seen in the case, the virus invasion must bypass the victim’s security firewall. If you take a security defense measures, “earthquake network virus” is unable to implement the damage. Second, the information sharing mechanism, the parties to coordinate and cooperate with each other will help to achieve common security. This first requires the sharing of information between countries, which can increase mutual trust, is conducive to pragmatic and effective cooperation to achieve mutually beneficial win-win goal. Second, the sharing of information between government and private enterprises is also necessary. In many cases, the country’s infrastructure is operated by private enterprises, but there are obvious shortcomings in the information and intelligence collection channels, quantity and quality compared with the country. Third, in the network space conflict management should also focus on cultivating the “humanitarian” spirit, in the physical space to attack the party has the obligation to minimize the harm of civilians. Any country with strong technical capacity must also consider minimizing civilian damage when using cyber weapons. Some scholars even believe that the degree of damage caused by network weapons should be limited to less than a bomb damage. [33] (c) the establishment of conflict governance mechanism The international community has been advocating the creation of international mechanisms for conflict resolution, its purpose is through the policy coordination between countries, on the basis of consensus on the formation of network conflict management mechanism, and gradually establish cyberspace International order, and thus cultivate a global network of space management culture. [34] The international community attaches great importance to the inconceivable destructive power and influence of cyber space conflicts. In practice, attempts are made to bilateral and multilateral cooperation and have achieved some results, which can provide the necessary reference for the construction of global cyberspace governance mechanism. As the most influential intergovernmental organization, the United Nations should play a leading role in the governance of cyberspace conflict. The United Nations cyberspace conflict management mechanism is not widely represented and is not universally recognized by the international community. As early as 2006, the United Nations set up an open Internet Governance Forum (Internet Governance Forum, IGF). [35] As of 2014, the Internet Governance Forum has been held for nine consecutive sessions. In April 2015, the United Nations launched a dialogue with Russia on the International Convention on Cybercrime, but there was no consensus on the serious differences between developed countries and developed countries and organizations such as the United States, Canada and the European Union. This shows that countries have opened the door to dialogue for a global agreement. [36] As a specialized agency of the United Nations, the International Telecommunication Union (ITU) has also played an important role, actively advocating the “stakeholder” (stakeholder) concept, called on countries around the world to participate in the process of safeguarding the international community network security. The exploration and attempt of the international community shows that cyberspace governance itself is part of global governance. Every country faces the threat of cyber attacks, network conflicts and even cyber warfare. Participation in multilateral cooperation is the best choice for all countries to safeguard their own interests. At the same time, regional international organizations are also exploring new models of cyberspace governance. The 7th SCO Council of the Shanghai Cooperation Organization (SCO), held in 2007, proposed the Action Plan for information security, emphasizing the state’s control over the network system and information content. At the beginning of 2008, NATO convened an emergency meeting of the North Atlantic Council for the Estonian incident and introduced a cyber-defense policy, which for the first time established cyber security issues as the content of its collective defense obligations. NATO claims that if its member countries are subjected to catastrophic cyber attacks, the new cybersecurity policy will provide an effective counterattack tool. In April, NATO Cyber ​​Defense Management Authority (CDMA) was established to form a unified deployment of allied network action capabilities. In May, the Cooperative Cyber ​​Defense Center of Excellence, CCS COE) was formally established in Tallinn to strengthen the comprehensive capabilities of NATO’s network defense, and the establishment of the two institutions became a symbol of NATO’s network defense. [37] NATO officials also expressed their intention to cooperate safely with cyberspace in South Korea and other East Asian countries. In the current global governance mechanism, the success of cyberspace conflict management is the Mutual Legal Assistance Treaties (MLATs). It is aimed at nationally recognized cybercrime, which stipulates that participating countries share information, evidence and other forms of cooperation. The treaty is mainly applicable to the use of the network system to implement the crime. The Council of Europe Convention on Cybercrime (CEC) was signed by the Council of Europe in 2001 to define and punish the deterrence of cybercrime. The Cybercrime Convention is the most important multilateral cooperation agreement against cyber attacks and the world’s first international convention against cybercrime, which will have a significant impact on the legislation of many countries. Some scholars have suggested that international justice cooperation in the fight against cybercrime be carried out in accordance with the Convention. [38] Joseph Chennai believes that restricting all cybercrime is impossible, but it can be done from combating cybercrime and cyber-terrorism, and the great powers have many common interests on these issues. [39] Whether it is the United Nations or other regional international organizations, through their own practice to explore the global model of cyberspace governance. These practices will greatly enrich the theoretical basis and practical experience of cyberspace conflict management, which is of great significance to promote the international community to construct the relevant governance mechanism. The ultimate goal of cyberspace conflict management is to break through the differences of ideas, on the basis of common interests, to achieve beyond the borders, areas, levels of all-round, three-dimensional cooperation, and ultimately clean up the network space, to good governance. This process may take a long time and requires the joint efforts of the international community. China’s role and contribution in cyberspace conflict management According to China’s Internet Center (CNNIC) released the 36th “China Network Development Statistics Report” shows that by June 2015, the number of Internet users in China has reached 668 million, the Internet Penetration rate of 48%. 4%. This shows that China is already the largest number of Internet users in the country, but also shows that the Chinese people’s production and life, economic growth and innovation are closely related with the network, China has become a veritable global network power. As a global power, China has always positioned itself as a participant, builder and practitioner in cyberspace security governance. China’s national strategy is to develop from a network of major powers as a network power, and to promote the development of balanced development, sound rules and reasonable order of the global network space and make unremitting efforts. As the largest developing country, China has long been committed to the struggle for the vast number of developing countries, and actively participate in the construction of peace, security, openness and cooperation of cyberspace, and promote the establishment of multilateral, democratic and transparent global Internet governance system. At the same time, the Chinese government has put forward the principle of network governance with Chinese characteristics on the basis of the existing experience of governance, such as the rule of law, the order priority and the positive integration, which is similar to those of China. Furniture has important reference value and reference significance. [41] In September 2015, when the Chinese President visited the United States, he said in a written interview with The Wall Street Journal that China was a strong defender of cybersecurity. On the one hand, China will strengthen cooperation with the United States, the European Union, Russia, through the establishment of bilateral and multilateral cooperation mechanism to increase mutual trust, and is committed to building network security code of conduct. On the other hand, China will be more active in cyberspace global governance, and strive to incorporate the concept of safeguarding network sovereignty, network fairness and pragmatic cooperation advocated by China into cyberspace international standards. At the same time, China will also fulfill its commitments to actively promote the construction of cyberspace global order. In addition, China is working on the development of national network security for the relevant legal norms. In June 2015, the National People’s Congress for the first time considered the “People’s Republic of China Network Security Law (Draft)”. Article 5 of the General Regulations clearly states that “China will actively strengthen international exchanges and cooperation in the areas of cyberspace governance, network technology research and development and standard setting, and crack down on crimes against the Internet, and promote the construction of peaceful, safe, open and cooperative cyberspace. [42] This shows that China is committed to the law through the definition of network security, safeguarding network sovereignty, standardize network behavior, promote international cooperation in cyberspace. At the same time, China is also actively advocated in cyberspace governance to play the leading role of the United Nations. In 2011, China and Russia jointly submitted the International Code of Conduct for Information Security to the 66th Session of the General Assembly, put forward a series of basic principles of national conduct on the maintenance of information and cybersecurity, and called on countries to carry out further discussions within the framework of the United Nations. [43] In June 2013, China and the United States and other 15 countries in the United Nations network security dialogue, clearly advocated the “United Nations Charter” applies to cyberspace. [44] In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. The focus will include advancing national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. The focus will include advancing national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation.

 

Original Mandarin Chinese:

簡介
網絡空間安全治理問題正日益引起國際社會的普遍關注;其中,網絡空間衝突治理問題更是備受關注。與現實的物理空間衝突相比,網絡空間衝突具有行為體多元化、進攻手段快速更新、衝突後果不可預知等新特點。這導致網絡空間衝突治理面臨認知分歧嚴重、規範難以有效管轄、威懾無效和“結構性難題”等現實挑戰。因而,網絡空間衝突治理需要轉變治理理念,通過國家間務實合作,整合各方優勢資源,構建網絡空間全球治理機制,並培育合作、共享的治理文化。作為全球網絡大國,中國一直以來都積極倡導建立多邊、民主、透明的全球治理體系。同時中國將在創新治理理念,彌合數字鴻溝,開展雙邊、多邊國際合作等方面,為構建網絡空間國際規則和全球網絡治理機製作出積極貢獻。
正文
隨著網絡信息技術在全球範圍內的廣泛應用和快速發展,網絡與國家安全的關係日趨緊密且受到各國高度重視。在安全議題中,最引人關注的是網絡空間衝突。網絡空間被軍事戰略學家和未來學家稱為“下一個戰爭空間”(next battlespace)。各國政府在網絡空間中的首要目標是確保本國的核心利益不受損害,保障國民免受網絡襲擊的侵擾。但現實情況是絕大多數網絡襲擊並非由政府直接發動和實施,而是由非國家行為體直接策劃操作。而且,發動網絡襲擊的成本低廉、行動隱蔽,且能引發嚴重後果。這也造成網絡空間容易爆發衝突甚至網絡戰爭(cyber warfare)。一旦網絡空間發生衝突或戰爭,其規模和影響範圍將難以估量。網絡空間衝突也可能導致國家間在現實世界中的直接敵對與衝突。此外,由於缺乏必要的國際法律管轄與規範,網絡空間衝突治理也面臨著嚴峻挑戰。有效控製網絡空間衝突的烈度,制定網絡空間國家行為準則,將是國際社會探索網絡空間衝突治理的新課題。

一、網絡空間衝突的變化與挑戰

網絡空間衝突源於行為體對網絡威脅的感知和由此作出的反應。網絡威脅大致可分為兩類:一類被稱為網絡襲擊,是指蓄意破壞網絡系統的行為;另一類被稱為網絡牟利(cyber exploitation),即利用網絡基礎設施來達到非法目的,但不會對網絡系統本身造成傷害的行為。 [①] 網絡襲擊針對的目標是國家和非國家行為體,包括主權國家、組織和個人,既可以破壞軟硬件和計算機的其他方面,也可以通過非法入侵計算機操作系統,運用不正當的手段獲取信息或實施遠程控制。網絡襲擊可能引發網絡衝突,而網絡衝突又可能升級為網絡戰爭。網絡戰爭一般是指一個民族國家為滲入另一個國家的計算機或網絡所進行的破壞和擾亂行為。 [②] 網絡戰爭可能嚴重危害國家的政治、經濟和社會安全與穩定,是網絡衝突的最高形式。
網絡信息技術所具備的即時性、便捷性、廉價性特質,使衝突和戰爭變得易於操作和實施。網絡信息技術使傳統的衝突與戰爭發生了顛覆性變革。只要有一台聯網的計算機,少數人就可以實施網絡攻擊,發動一場沒有硝煙的小規模戰爭。網絡空間的武器開發成本極低,只要有一兩台計算機,且能夠實現網絡連接,再配備幾名高水平的黑客,就足以製造極具殺傷力的網絡武器。 [③] 因此,互聯網對國家安全的影響都將是全面的、徹底的和前所未有的。網絡信息技術源自通訊技術的不斷創新與發展。即時通訊技術的出現和不斷更新,提升了戰場上的政治決策效率。網絡信息技術對於武器技術的革新具有重要推動作用,尤其是在核武器時代,計算機技術使核武器更加精準、可靠和高速。冷戰時期,美、蘇兩國十分重視發展信息處理技術。隨著計算機技術的全面發展,美國率先提出了“信息戰理念”(information warfare doctrine),也就是利用信息技術力量,在策略和手段方面超越對手。西方學者表示,目前國際社會最大的隱患不再是大規模殺傷性武器,而是大規模破壞性武器(weapons of mass disruption)。 [④] 在技術突破之外,網絡空間衝突與戰爭更深刻的變革體現在行為主體、攻擊手段和衝突後果等方面。
(一)行為主體日益多元化
網絡空間為非國家行為體提供了更加廣闊的活動平台,使其可以超越領土和主權的限制,在現實和虛擬世界發揮更大的作用。傳統的衝突與戰爭發生在不同群體之間,一般被實力強大的國家所壟斷,而單獨個體難於發動對群體的攻擊。網絡信息技術極度放大了相對弱小行為體的力量。借助於網絡信息平台,小國可以向霸權國發起挑戰,規模小的群體可以向實力強大的主權國家發動襲擊,個人也可以發動對群體的攻擊。美國一直以來都將朝鮮視為網絡空間中的威脅。據美國福克斯新聞網透露,2010年年初的報告顯示,朝鮮已經培訓了數千名頂級的計算機專業學生成為出色的“網絡戰士”(cyber warrior),其行動目標鎖定為美國和韓國。 [⑤] 近年來,恐怖主義也藉助網絡載體和信息工具獲得了“新生”。基地組織利用互聯網技術宣傳其極端理念,並利用網絡平台實施成員招募、在線培訓、資金募集、遠程指揮等活動。可以說,網絡空間的隱蔽性和開放性特徵加大了國際社會防範和打擊恐怖主義的難度。 [⑥] 2008年,波蘭一名14歲少年通過入侵並控制洛茲市(Lodz)的有軌電車系統,從而引發混亂,導致4輛電車脫軌,12人受傷,所幸事故未造成人員死亡。 [⑦] 對於日益多元化的網絡襲擊者,美國戰略司令部司令凱文·希爾頓(Gen. Kevin P. Chilton)曾形像地認為,“我們的敵人范圍,不僅包括令人厭煩的年輕黑客,也包括犯罪組織,還涉及國家行為體”。 [⑧]
(二)攻擊手段不斷更新
互聯網發展的初衷是便於信息的有效流動,實現資源共享、互聯互通。開放的環境往往會給安全防禦帶來更多風險和挑戰,網絡空間中因而出現了“攻守不平衡”問題。這種結構上的不平衡會激發網絡惡意攻擊,從而降低對威懾和有效防禦的信心。 [⑨] 網絡空間中的簡單靜態防禦(static defenses),即被動防禦,是指最多被強大的黑客視為一個新挑戰或待解決的問題。 [⑩] 技術嫻熟的網絡襲擊者能夠輕鬆找到網絡漏洞並成功繞開安全防禦軟件。與傳統的衝突相比,網絡空間中的襲擊者處於隱蔽處,並專門攻擊目標的薄弱環節。在“攻方壓倒守方”的背景下,網絡進攻性武器變得十分普遍。一般的網絡進攻武器,包括計算機病毒、惡意軟件、邏輯炸彈(logic bomb)、拒絕式服務(denial of service)等。低端網絡武器的目標只是簡單的竊取信息、獲取密碼、修改程序等,一般不會產生重大危害。相比較而言,高端網絡武器能夠造成數據和關鍵設施的中斷或嚴重受損。一系列的網絡攻擊能夠演變為重大突發事件,在一段時期內中斷關鍵服務,包括破壞軍事指揮或信息系統,關閉電力供應或石油管道,停止金融服務等。 2008年,美國國防部儲存加密軍事信息的電腦網絡就曾感染惡意代碼。惡意代碼在未被察覺的情況下擴散到加密和未加密文件系統。雖然被及時發現,但美國軍方對此十分恐慌,認為此類事件可能會使其軍事機密文件被上傳給國外情報機構,甚至是未知的敵對勢力,後果將不堪設想。 [11]
複雜高端的惡意代碼具有很強的自我偽裝能力,很難被發現,往往是在已經造成嚴重傷害後才會被發現。 2010年,伊朗核設施受到“震網病毒”(Stuxnet)的攻擊,使伊朗納坦茲鈾濃縮工廠的1 000多台IR-1型離心機由於非正常運轉並遭到破壞而不得不更換。事實表明,“震網病毒”的攻擊目標非常精確或單一,即德國西門子公司控制系統(SIMATIC WinCC)。這是一款數據採集與監視控制(SCADA)系統,被伊朗廣泛使用於國防基礎工業設施。 “震網病毒”在入侵一台電腦後,就會自動尋找西門子軟件,確認找到軟件後,這種病毒會在無人察覺的狀態下控制工業用的電腦系統,並控制電腦軟件對工廠其他電腦發出既定指令。網絡安全專家認為,“震網病毒”是第一個以物理世界基礎設施為攻擊目標的“精確制導”蠕蟲病毒。 [12] 作為第一個披露“震網病毒”的德國著名網絡安全問題專家,拉爾夫·朗納(Ralph Langner)經過系統分析,認為“震網病毒”的結構比想像中的還要復雜,包含兩個不同的“數字彈頭”(digital warhead),分別針對不同的進攻目標,鈾濃縮設施和布什爾核電站的外部渦輪機。他認為第二個彈頭的威力相當於對布什爾核電站進行一次精確的空中打擊。 [13] 美國信息安全問題專家凱文·克萊曼(Kevin Coleman)2010年在美國國防科技網上發表的文章認為,網絡襲擊的數量將會急劇升級。為支持這一論斷,他提到2009年惡意軟件的數量達到了此前20年來的最高水平,多份報告顯示超過2 500萬個惡意軟件被確認,而且這種增長趨勢還將繼續。 [14]
通過以上事例,不難看出網絡空間中的進攻武器技術含量高且具有極強的針對性。這樣的武器比常規武器更隱蔽、更精準、更具進攻性和破壞性。與此同時,網絡進攻性武器不能重複使用,必須不斷升級換代。美國著名智庫蘭德公司的數字戰專家馬丁·利比奇(Matin Libici)認為,一旦有人了解了網絡戰武器的工作原理,它就不再是一種武器了。最好的武器是敵人所不知,但自己卻已擁有的。 [15]
(三)衝突後果不可預知
傳統衝突中的對手是清晰可見的,衝突的結果也是可以預測的。在網絡空間的衝突中,進攻武器一旦發揮威力,所造成的破壞規模和影響力一般都會不斷地複制和散播,很難像傳統衝突那樣能夠得到有效控制。更為嚴重的是,網絡襲擊會給社會帶來嚴重恐慌,其後果比傳統戰爭更為嚴重。現代社會中的各類基礎設施都是由計算機和互聯網系統控制,一旦網絡襲擊波及水、電、金融控制系統,帶來的損失將是無法估量的,甚至可能造成嚴重的社會動盪。美國學者設想了網絡攻擊可能引發的嚴重後果:沒有航空控制系統或者機場安監系統,沒有電子管控的鐵路交通,沒有依賴電子計算機日夜投遞的包裹或郵件,沒有雇主通過支付軟件支付工人工資的電子支票,沒有電子取款記錄,沒有自動取款機,醫院或者健康中心沒有可信賴的數字記錄,沒有電力導致沒有燈光,沒有熱力,沒有加油系統或者燃料、汽油,沒有交通信號燈,沒有電話,沒有網絡服務,沒有警察有效的治安管理,這一系列問題將使美國社會陷入短時癱瘓。 [16] 據美國中央情報局透露的發生在2007年針對美國公用電力網的多起網絡襲擊事件表明,由於擔心會造成嚴重的社會恐慌,電力公司的負責人甚至不願談及這些事件的風險。
此外,網絡空間的開放性特徵使網絡襲擊一旦發生,其影響範圍將具有擴散性。 2013年4月,黑客竊取了美聯社的推特賬號,發布了美國總統奧巴馬在白宮的一次爆炸中受傷的虛假消息。幾分鐘後,美聯社官方使用另一個推特賬號聲明之前的賬戶已被盜。白宮發言人也通過廣播澄清奧巴馬總統沒有受傷。但已有很多人看到了被盜推特賬號發布的消息,該事件導致道瓊斯工業指數和S&P500指數雙雙下挫,之後兩個交易指數又快速反彈。據稱美聯社的推特賬號有200萬受眾,其發布的即時消息影響力十分巨大。 [17] 這一事件也給美國政府敲響了警鐘,一起簡單的賬戶被盜事件很可能引發一場金融恐慌,從而嚴重擾亂社會秩序。
網絡衝突治理的上述新特點產生了嚴重的後果。行為體的多樣性使人們很難在短時間內轉變觀念,克服認知差異與分歧;網絡攻擊手段的不斷革新使國際法律制度和威懾很難發揮作用;而後果的難以預測則加重了國家間的相互猜疑。這些因素將嚴重阻礙網絡空間衝突治理機制的形成並發揮作用。

二、網絡空間衝突治理機制的困境

網絡空間衝突與傳統意義上的國際衝突有很大差異。現行全球治理機制的主要行為體是主權國家,它們在對傳統武裝衝突理解和認知的基礎上提出一系列管控規則。但在網絡空間中,對非國家行為體的行為進行有效規範在法律和道德方面是一個空白。而“結構性困境”等現實問題也加劇了網絡空間衝突治理的難度。
(一)認知分歧阻礙有效治理
當前,各國對網絡安全核心概念的理解以及對網絡安全事件的歸因(attribution)和認定都存在深刻分歧。例如,美、英、日、德、法和歐盟等都制定了網絡安全戰略,通過對比可以發現,各方對“網絡空間”、“網絡安全”、“網絡戰爭”等核心概念的界定存在明顯差別。 [18] 在網絡空間中,如何確定一些行為已經違反了國際法基本準則,並可以實施武力打擊?個人和組織是否可以成為國家發動網絡進攻的目標?如何界定網絡空間的國家主權?對

注释:

[①] Abraham D. Sofaer, David Clark, Whitfield Diffie, “Cyber Security and International Agreements,” in Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, Washington, D.C.: The National Academies Press, 2010, pp. 179-180.
[②] Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do about It, New York: Harper Collins, 2010, p. 10.
[③] 樊高月、赵力昌主编:《不流血的战争:网络攻防经典之战》,解放军出版社2014年版,第117页。
[④] Craig B. Greathouse, “Cyber War and Strategic Thought: Do the Classic Theorists Still Matter?” in Jan-Frederik Kremer and Benedikt Muller, eds, Cyberspace and International Relations: Theory, Prospects and Challenges, Verlag Berlin and Heidelberg: Spinger, 2014, p. 23.
[⑤] Kelley Beaucar Vlahos, “Special Report: The Cyberwar Threat from North Korea,” Fox News, February 14, 2014, http://www.foxnews.com/tech/2014/02/14/cyberwar-experts-question– north-korea-cyber-capabilities.
[⑥] 丛培影、黄日涵:《网络恐怖主义对国家安全的新挑战》,载《江南社会学院学报》2012年第2期,第2页。
[⑦] John Leyden, “Polish Teen Derails Tram after Hacking Train Network,” The Register, January 11, 2008, http://www.theregister.co.uk/2008/01/11/tram_hack/.
[⑧] Kelvin P. Chilton, “Cyberspace Leadership Towards New Culture, Conduct and Capabilities,” Air & Space Power Journal, Fall 2009, p. 7.
[⑨] Kenneth Lieberthal and Peter W. Singer, “Cybersecurity and U.S.-China Relations,” Brookings Institution, February 23, 2012, http://www.brookings.edu/~/media/research/files/papers/ 2012/2/23 cybersecurity china us singer lieberthal/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf.
[⑩] Erik M. Mudrinich, “Cyber 3.0: The Department of Defense Strategy for Operating in Cyberspace and Attribution Problem,” The Air Force Law Review, Vol. 68, p. 181.
[11] William J. Lynn, “Defending a New Domain: The Pentagon’s Cyber Strategy,” Foreign Affairs, September/October 2010, Vol. 89, No. 5, p. 97.
[12] 樊高月、赵力昌主编:《不流血的战争:网络攻防经典之战》,第123页。
[13] Jerusalem Post, “Stuxnet Specifically Targeted Iranian Nuclear Program,” The Jerusalem Post, November 20, 2010, http://www.jpost.com/Iranian-Threat/News/Stuxnet-specifically– targeted-Iranian-nuclear-program.
[14] Paul A. Matus, “Strategic Impact of Cyber Warfare Rules for the United States,” Homeland Security Digital Library, March 23, 2010, http://www.handle.dtic.mil/100.2/ADA522001.
[15] 《源代码之战》,载《国际金融报》2011年8月1日,第4版,http://paper.people.com.cn/ gjjrb/html/2011-08/01/content_885812.htm?div=-1。
[16] Michael J. Glennon, “State-level Cybersecurity,” Policy Review, February/March, 2012, p. 85.
[17] “Hacked AP Twitter Account Sends Dow Jones Down,” Southern California Public Radio, April 24, 2013, http://www.scpr.org/programs/airtalk/2013/04/23/31465/hacked-ap-twitter-account -sends-dow-jones-down/.
[18] 蒋丽、张晓兰、徐飞彪:《国际网络安全合作的困境与出路》,载《现代国际关系》2013年第9期,第56页。
[19] Yoram Dinstein, “Cyber War and International Law: Concluding Remarks at the 2012 Naval War College International Law Conference,” International Law Studies, Vol. 89, 2013, p. 284.
[20] Duncan B. Hollis, “Why States Need an International Law for Information Operations,” Lewis & Clark Law Review, Vol. 11, No. 4, 2007, pp. 1023-1024.
[21] Scott W. Beidleman, “Defining and Deterring Cyber War,” Military Technology, Vol. 11, 2011, p. 60.
[22] 顾德欣编:《战争法概论》,国防大学出版社1991年版,第9页。
[23] William Lynn, “Cyber Security,” Speech at the Center for Strategic and International Studies, June 15, 2009.
[24] “Fact Sheet: U.S.-EU Cyber Cooperation,” The White House Office of the Press Secretary, March 26, 2014, https://www.whitehouse.gov/the-press-office/2014/03/26/fact-sheet-us-eu-cyber– cooperation.
[25] “Fact Sheet: U.S.-United Kingdom Cybersecurity Cooperation,” The White House Office of the Press Secretary, January 16, 2015, https://www.whitehouse.gov/the-press-office/2015/01/16/ fact-sheet-us-united-kingdom-cybersecurity-cooperation.
[26] Franz-Stefan Gady, “Japan and the United States to Deepen Cybersecurity Cooperation,” The Diplomat, June 2, 2015, http://thediplomat.com/2015/06/japan-and-the-united-states-to– deepen-cybersecurity-cooperation.
[27]“China, Russia to Sign Information Security Pact: Report,” The Brics Post, October 21, 2014, http://thebricspost.com/china-russia-to-sign-information-security-pact-report/#.Vg4sYi-hdMs.
[28] 复旦国务智库编:《增量改进——全球治理体系的改进和升级》,复旦全球治理报告2014,复旦大学国际关系与公共事务学院,2014年,http://www.sirpa.fudan.edu.cn/_upload/arti cle/8e/7e/f72c6ae04f998c052fe4230493c5/b3ef8190-df38-40fb-829f-1a0c6f6f49a5.pdf,第36页。
[29] Salma Shaheen: “Offense-Defense Balance in Cyber Warfare,” in Jan-Frederik Kremer and Benedikt Muller, eds., Cyberspace and International Relations, Berlin: Springer, 2014, p. 91.
[30] Jon R. Lindsay: “The Impact of China on Cybersecurity,” International Security, Vol. 39, No. 3, 2014, p. 27.
[31] 《俄联邦委员会拟利用“白色黑客”应对网络攻击》,人民网,2014年1月26日,http://world.people.com.cn/n/2014/0126/c157278-24226902.html
[32] “The Chinese Cyber Threat: Challenges and Solutions,” AEI, July 22, 2015, http://www.aei.org/events/the-chinese-cyber-threat-challenges-and-sollutions/.
[33] “Cyber Security and International Law,” Chatham House, May 29, 2012, https://www. chathamhouse.org/sites/files/chathamhouse/public/Research/International Law/290512summary.pdf.
[34] 黄日涵:《网络战山雨欲来 安全困境亟须破局》,载《中国社会科学报》2014年12月10日,第B02版。
[35] 《联合国互联网治理论坛(IGF)简介》,国家工信部网站,2008年2月21日,http://www.miit.gov.cn/n11293472/n11295361/n11296722/11642344.html
[36] Mark Ballard, “UN Rejects International Cybercrime Treaty,” ComputerWeekly.com, April 20, 2010, http://www.computerweekly.com/news/1280092617/UN-rejects-international-cyber crime-treaty.
[37] 毛雨:《北约网络安全战略及其启示》,载《国际安全研究》2014年第4期,第112页。
[38] 王孔祥:《网络安全的国际合作机制探析》,载《国际论坛》2013年第5期,第4页。
[39] Joseph S. Nye, Jr, “From Bombs to Bytes: Can Our Nuclear History Inform Our Cyber Future?” Bulletin of the Atomic Scientists, 2013, Vol. 69, No. 5, p. 13.
[40] 《共同构建和平、安全、开放、合作的网络空间  建立多边、民主、透明的国际互联网治理体系》,人民网,2014年11月20日,http://politics.people.com.cn/n/2014/1120/c1024– 26057363.html。
[41] 丛培影、黄日涵:《中国网络治理模式的世界意义》,光明网,2014年12月15日,http://theory.gmw.cn/2015-12/15/content_18098761.htm
[42] 《中华人民共和国网络安全法(草案)》,中国人大网,2015年7月6日,http://www.npc. gov.cn/npc/xinwen/lfgz/flca/2015-07/06/content_1940614.htm。
[43] 《中俄等国向联合国提交“信息安全国际行为准则”文件》,新华网,2011年9月13日,http://news.xinhuanet.com/2011-09/13/c_122022390.htm
[44] Patrick Goodenough, “U.S., China Among 15 Countries Agreeing U.N. Charter Applies in Cyberspace,” CNS News, June 10, 2013, http://cnsnews.com/news/article/us-china-among-15– countries-agreeing-un-charter-applies-cyberspace.
[45] 《习近平在第二届世界互联网大会开幕式上的讲话》,新华网,2015年12月17日,http://news.xinhuanet.com/zgjx/2015-12/17/c_134925295.htm

US Cyber ​​Command established to respond to future cyber war // 美軍建立網絡司令部應對未來網絡戰爭

US Cyber ​​Command established to respond to future cyber war //

美軍建立網絡司令部應對未來網絡戰爭

四星上将基斯·亚历山大将出任美国网络司令部的首位司令员

From Zhuhai Security Bureau, People’s Republic of China

May 21, 2010, the US Department of Defense announced that in order to fight hostile countries and hacker attacks, the US Cyber ​​Command was officially launched. The US Air Force Combat Command and the same level of the unit by a former intelligence officer Alexander Keith four-star general in charge. As early as June last month, US Defense Secretary Robert Gates ordered the formation of Cyber ​​Command, after a year of preparation, Cyber ​​Command is now fully operational. This initiative of the US, indicating that the network will be an important piece of the future war position, “cyberwarfare” This unconventional war will be inevitable.

US forces have been brewing for a long time

  The United States as a global network of organizers, was the first country to apply real network, the establishment and operation of its network warfare units already brewing for some time, media reports from the outside world can be roughly about 12.

  First, conventional offensive and defensive team growing. According to the US cyber war years of defense experts Joel Harding assessment, the US Department of Defense has more than 15,000 computer networks in more than 4,000 military bases in 88 countries and regions, a total of more than 5,000 information warfare specialists, 5 ~ 70,000 soldiers involved in cyber warfare, coupled with the original electronic warfare officer, the number of American combat troops should be in the network of about 88700 people, which means that the number of US network warfare units have been the equivalent of 7 101 airborne division, as the network commander establishing unit, I believe that this figure will surge. This force must not only bear the task of network defense, other countries will also network and electronic systems for covert attacks, the United States access to a variety of intelligence information needed, and can quickly invade the enemy in wartime network system paralyzed the enemy command networks and electronic weapons systems.

Second, the unified command superior forces continue to integrate. Currently, the US network warfare units formed by relatively scattered, the armed forces have a certain strength, and has long competition for the services network warfare dominance, competition has been fierce. Such as: in 2002 in Virginia, Naval Network Warfare Command was established, the preparation of 60 people, the Navy Fleet Command Information Warfare Center worldwide, Navy networks and space operations and the Navy Command, computer network defense commando teams cyber warfare units 7,000 officers and men. US Air Force Network Warfare Command Territories 4 NWW, including the famous 67th NWW. The wing has five intelligence brigade, 35 Intelligence Squadron, a total of more than 8000 soldiers, resident in more than 100 locations worldwide, personnel and equipment throughout the “other continents except Antarctica.” US Army from July 2008 officially launched the construction of army battalions network, currently distributed network operations personnel in Iraq, Afghanistan and other places, to assist the local US network warfare activities, cyber warfare experts have thousands of people. Now, the formal establishment of Network Warfare Command, these advantages is to be effective and reasonable integration of forces, the US network warfare units to improve the organizational system, to achieve a high degree of unity of command and management, improve the operational effectiveness.

The third is capable of practical tactics and equipment continue to improve. US troops have been developed more than 2,000 kinds of computer viruses weapons, such as “logic bombs” and “trap door”, etc., hardware, electromagnetic pulse bombs, infrasound weapon system, the kinetic energy interceptor and high-power microwave weapons, other countries can network physical attack vector. According to reports, the US military in 2008 bombed a facility in Syria, on the use of an airborne system, airborne invasion by the enemy and operate network sensors, so that the loss of the enemy early warning function. Over the years, the US military cyber warfare tactics and constantly enrich and improve, from the media point of view, the early offensive tactics “backdoor”, “bomb attack”, in recent years has studied the “botnet”, “cast a wide net” and other . Thus, it is easy to see the US network warfare units “tip of the iceberg”, and its emphasis on cyberwarfare.

Inspiration

US Cyber ​​Command to build us a profound revelation. We should speed up the pace of global military development to adapt to, and actively play and use network advantages, strengthen the network supervision and active defense, to build a network can attack and defend the shield.

A revelation: to clarify understanding. In recent years, not only the United States established a Cyber ​​Command, several countries Israel, Russia, Britain, Germany, France, Japan, South Korea and India have been established or are planning to set up a network command system and mechanisms of war. Allegedly, Taiwan in early 2001 formally established what is known as “Tiger Force” network information warfare units, the main task is to sneak through the network related sites, to collect all kinds of confidential information and intelligence collection and development of various secret computer virus, to create “electronic bomb” attack the target network. Faced with serious challenges, we can only turn pressure into motivation, the real renew our concept, calm response, rapid response, to explore with Chinese characteristics cyberspace to victory as soon as possible.”Scholars Sushi, fitters who cares Junjie,” the army as mighty undefeated division, should be thought of cyberwarfare have a clear understanding of height, to a set of effective countermeasures, have a professional reliable team to adapt to new changes in the new military confrontation in the new situation.

Revelation II: build a strong foundation. Anti-sense of confidentiality between laws and regulations and information security officers are doing the work of the foundation. Really good job between anti-army under the condition of information security work, and the headquarters of the Central Military Commission has formulated a series of laws and regulations of confidentiality from the “People’s Liberation Army Secrets Act” and “the rule of confidentiality ’10 allowed ” to ‘prevention crime Ordinance, “” military computers connected Internet regulations, “and” military regulations on the Internet, “and” strictly guard against network leak ‘ten ban,’ “and so on. Currently, the regulations should integrate our military resources, to build full list of information security regulations, while increasing by between anti-secrecy, to guide the officers and men “correct knowledge network, regulate online” really lay a solid foundation of information security from the end.

Revelation 3: Aggregate talent. In recent years, the CIA and the military attaches great importance to cultivate high-tech talent, and even recruit hackers for their own use, constantly stealing his country’s secret and are ready to do the vanguard of conventional forces, to combat damage other network systems. US National Defense University military historian Daniel Kool noted that the Pentagon’s interest in cyber warfare has reached a degree of “religious fanaticism” in this frenzy, groups of hackers amnesty, are trained to the new professional military hackers. Reserve personnel is a necessary condition to deal with high-tech development, at present, we should actively search for network technicians to build a formal, professional, the strength of the team to respond to current and future needs of the network security cyber war.

Inspiration Four: to strengthen the defense. “Art of War” said: “No it does not rely just sit on there is also pending; it does not rely attack, something I can not rely attack also.” Strong defense against foreign invasion is the most effective means of building a solid sturdy defense can keep the enemy thousands of miles away, which rely on the continuous development of network technology and improve. We should therefore innovation in the development of advanced and useful technology network protection efforts, as I hold up an umbrella network system to ensure the safety and combat consolidated.

Revelation five: as active. Although the US Department of Defense stressed that the main task of Cyber ​​Command is defensive operations, but its covert intelligence to steal his country under the surface rhetoric, his country’s intention to attack the essence of network information system, has long been self-evident. During the Iraq war, Iraq top-level domain “.iq” application and analytical work is terminated America, all URLs with “.iq” suffix from the Internet site all evaporated in the Internet can not see any information from Iraq, which the US military quickly and efficiently to win the war in Iraq provides an important prerequisite. Information age, cyber warfare has become a “bear the brunt, full use” in the true sense of the style of warfare, to national security has brought new and unprecedented challenges, we want to provide intellectual support for the safe and stable development of the country and the army, in order to conventional war wartime to provide “security win” a prerequisite for the battle ill-prepared to deal with future networks.

Original Mandarin Chinese:

四星上将基斯·亚历山大将出任美国网络司令部的首位司令员

2010年5月21日,美國國防部對外宣布,為了打擊敵對國家和黑客的網絡攻擊,美軍網絡司令部正式啟動。這一與美空軍作戰司令部平級的單位,由情報軍官出身的四星上將基斯·亞歷山大執掌。早在去年6月,美國防部長羅伯特·蓋茨就下令組建網絡司令部,歷經一年的籌備,網絡司令部現已全面開始運轉。美軍的這一舉措,預示著網絡將是未來戰爭中的一塊重要陣地,“網絡戰”這種非常規戰爭將在所難免。

美軍此舉已醞釀多時

美國作為全球網絡化的組織者,是最早將網絡運用於實戰的國家,其網絡戰部隊的建立與運轉早已醞釀多時,從外界媒體的報導大致能夠了解一二。
一是攻守兼備的常規隊伍不斷增強。根據研究美軍網絡戰多年的防務專家喬爾·哈丁評估,美國國防部在全球88個國家和地區的4000多個軍事基地內擁有超過1.5萬個電腦網絡,共有5000餘名信息戰專家,5 ~7萬名士兵涉足網絡戰,再加上原有的電子戰人員,美軍網絡戰部隊人數應該在88700人左右,這意味著美軍網絡戰部隊人數已相當於7個101空降師,隨著網絡司令部的建立,相信這個數字還將激增。這支部隊不但要承擔網絡防禦的任務,還將對別國的網絡和電子系統進行秘密攻擊,獲取美國所需要的各種情報信息,並能在戰時迅速侵入敵方網絡系統,癱瘓敵方的指揮網絡和電子武器系統。
二是統一指揮的優勢力量不斷整合。當前,美軍所形成的網絡戰部隊相對比較分散,在海陸空三軍都有一定的力量,而且長期以來各軍種為爭奪網絡戰的主導權,一直競爭激烈。如:於2002年在弗吉尼亞州成立的海軍網絡戰司令部,編制60人,指揮全球範圍內的海軍艦隊信息戰中心、海軍網絡和太空行動司令部及海軍計算機網絡防禦特攻隊等網絡戰單位的7000名官兵。美空軍網絡戰司令部管轄4個網絡戰聯隊,包括大名鼎鼎的第67網絡戰聯隊。該聯隊有5個情報大隊、35個情報中隊,總計超過8000名官兵,駐地分佈在全球100多個地點,人員和裝備遍及“除南極洲之外的其他大陸”。美陸軍從2008年7月正式啟動陸軍網絡作戰營建設,目前網絡戰人員分佈在伊拉克、阿富汗等地,協助當地美軍進行網絡戰活動,擁有的網絡戰專家也達數千人。現在,正式成立網絡戰司令部,就是要將這些優勢力量進行有效合理的整合,來完善美軍網絡戰部隊的建制,實現指揮和管理的高度統一,提高作戰效能。
三是精幹實用的裝備戰法不斷完善。美軍現已研製出2000多種計算機病毒武器,如“邏輯炸彈”和“陷阱門”等,硬件方面,有電磁脈衝彈、次聲波武器系統、動能攔截彈和高功率微波武器,可對別國網絡的物理載體進行攻擊。據報導,美軍在2008年轟炸敘利亞某設施時,就使用了一種機載系統,通過空降侵入並操作敵方網絡傳感器,使敵方喪失預警功能。這些年,美軍網絡戰戰術不斷豐富和完善,從媒體報導來看,早期的進攻戰術有“後門程序”、“炸彈攻擊”等,近年來又研究了“殭屍網絡”、“廣泛撒網”等。由此,不難看出美軍網絡戰部隊的“冰山一角”,及其對網絡戰的重視程度。

幾點啟示

美軍建立網絡司令部給我們帶來了深刻的啟示。我們應加快適應世界軍事發展的步伐,積極發揮和利用網絡優勢,加強對網絡的監管和主動防禦,構建可攻可守的網絡盾牌。
啟示一:釐清認識。近年來,不僅美國建立了網絡司令部,以色列、俄羅斯、英國、德國、法國、日本、韓國、印度等多個國家都已經建立或正在籌劃建立網絡戰爭的指揮體系和機制。據稱,台灣也早在2001年就正式建立了被稱為“老虎部隊”的網絡信息戰部隊,主要任務就是通過網絡潛入相關網站,蒐集各種機密信息與情報,秘密收集與研發各種電腦病毒,製造“電子炸彈”攻擊目標網絡系統。面對嚴峻挑戰,我們唯有變壓力為動力,真正解放思想、更新觀念、冷靜應對、迅速反應,盡快探索出有中國特色的網絡空間制勝之道。 “儒生俗士,識時務者,在乎俊傑”,我軍作為威武不敗之師,應從思想上對網絡戰有高度清晰的認識,要有一套行之有效的應對之策,要有一支專業的可靠隊伍,以適應新軍事對抗中的新情況新變化。
啟示二:築牢根基。法規制度和官兵的防間保密意識是做好信息安全工作的根基。為切實做好信息化條件下我軍防間保密工作,軍委和總部先後製定出台了一系列保密法規制度,從《中國人民解放軍保密條例》及“保密守則’十不准’”,到《預防犯罪工作條例》、《軍隊計算機連接國際互聯網管理規定》以及“軍人上互聯網的規定”,再到“嚴密防範網絡洩密’十條禁令’”等。當前,應當整合我軍法規資源,構建完整齊備的信息安全保密法規體系,同時通過加大防間保密教育,引導官兵“正確識網、規範上網”,真正從末端打牢信息安全的根基。
啟示三:聚合人才。近年來,美國中央情報局及軍方非常注重培養高科技人才,甚至招募黑客為自己所用,不斷竊取他國秘密並隨時準備為常規部隊做好先鋒隊,打擊破壞對方網絡系統。美國國防大學軍事史專家丹尼爾·庫爾指出,五角大樓對於網絡戰的興趣已經達到了“宗教狂熱”的程度,在這種狂熱下,一批批黑客被招安,被訓練成新的專業軍事黑客。人才的儲備是應對高科技發展的必要條件,當前,我們應積極搜尋網絡技術人才,構建一支正規、專業、有實力的隊伍,以應對現在網絡安全防範和未來網絡戰爭的需求。
啟示四:加強防禦。 《孫子兵法》曰:“無恃其不來,恃吾有以待也;無恃其不攻,恃吾有所不可攻也。”堅強的防範是抵禦外侵最有效的手段,築實一條堅固的防線可以御敵於千里之外,這就要靠網絡技術的不斷發展和提高。因此,我們應當在自主創新研發先進、有用的網絡防護技術上下功夫,為我網絡系統撐起一把保護傘,確保安全和戰鬥力鞏固。
啟示五:主動作為。雖然美國防部強調網絡司令部的主要任務是防禦作戰,但是其隱蔽於表面辭藻之下的竊取他國情報、攻擊他國網絡信息系統的實質意圖,早已不言自明。伊拉克戰爭期間,伊拉克頂級域名“.iq”的申請和解析工作被美國終止,所有網址以“.iq”為後綴的網站全部從互聯網蒸發,在互聯網無法看到來自伊拉克的任何信息,這為美軍迅速高效打贏伊戰提供了重要前提。信息化時代,網絡戰已經成為真正意義上的“首當其衝、全程使用”的作戰樣式,給國家安全帶來了嶄新的、空前的挑戰,我們要為國家和軍隊的安全穩定發展提供智力支撐,為戰時的常規戰爭提供“保打贏”的先決條件,為應對未來網絡攻防戰做足準備。

 

Original Source X

Cyberspace Adminstration of China: Strategic High Ground of Information Warfare: spatial information confrontation // 中央網絡安全和信息勇空間管理空間信息對抗:信息化戰爭的戰略制高點

中央網絡安全和信息勇空間信息對抗:信息化戰爭的戰略制高點

中央網絡安全和信息勇

2015年06月15日

中國網絡空間管理

    All things Internet era, we must rethink the current and future military struggle in the forefront of what? We are talking about local information technology local war where? Information War made the strategic high ground right where?

All things Internet era, control of information has become the battlefield to win the right to the core of an integrated system, “no network without fighting,” “no victorious day” has become iron law, spatial information system for winning the right to become a strategic war to safeguard national sovereignty, security and development interests ground. It extends to the battlefield where, where the initiative will expand the competition. The main countries in the world attach great importance to and respond to threats and challenges from outer space, the space around the right to development, ownership and control, in a fierce competition.

    Spatial information against a new means of strategic deterrence quality checks and balances

Spatial information can play against fighting the enemy afraid, Gongdi key is a new means of strategic deterrence quality of checks and balances. On the one hand, with a strong spatial information attack capability, can effectively curb space power, space to defend the sovereignty, enhance the right to speak and the initiative in the international arena; on the other hand, has enough spatial information defense, deterrence and containment can launch the Iraq war opponents button, effectively resist the threat and destruction in outer space, to prevent loss of control of the space.

The United States will “Space confrontation” as a strategic deterrent capability and the “Global Strike” and “nuclear strike” both, and since 2001 has performed seven times, “Schriever” space combat computer simulation exercises; vigorously the development, testing and deployment of space information weapon, launching the world’s first reusable aircraft able to detect, control, capture, destroy the spacecraft his country “orbital test vehicle” X-37B space fighter, space fighter program in 2025 to deploy troops in outer space; “global commons domain intervention and joint mobility “concept vowed to quickly weaken the enemy space facilities capacity through non-kinetic measures to destroy its anti-space capabilities in key elements. Russia to develop “military space recovery plan,” President Putin has restarted “crown” anti-satellite project, focusing on the development of anti-satellite weapons, the “strategic air and space battles” as the basic style of air and space operations, three satellite launch last year and aerospace It is regarded by the United States’ aerospace killer “and ready after 2016 to establish a modern space combat system. Japan’s new “cosmic basic plan” clearly states “actively enter the field of space”, was “modern security”, expanded and enhanced features for satellites to monitor vessels at sea and ground facilities, and trying to build a set of positioning, communication and intelligence gathering and other functions in one of the new satellite systems, the scope of application of force to achieve the SDF land, sea, air, space-round leap.

    Spatial information into a military confrontation priority areas for capacity-building

From the world’s military development, the right to take on the overall system of spatial information system other rights, the right to seize control of the spatial information is action battle for dominance of the main action. Local Wars practice, there is no right to make spatial information, the Air Force is difficult to combat, navy naval difficult, with even the best of other weapons and equipment may also be vulnerable to attack.Spatial Information confrontation multidimensional space operations provide important support, “new quality” of the combat system is the ability to generate combat multiplier, it will be the focus of capacity-building in the military field. From Seizing Control of the means, the space combat information control, and flexibility, the use of low threshold, a wide scope, with less damage, be cost-effective, it should be current and future space supremacy capacity-building period key development areas.

Currently, the United States actively promote Asia “rebalancing” strategy, trying to fight the development of spatial information capabilities, not only to develop electronic interference and covert soft kill hard against damage and other spatial information means, actively develop their own approach, rendezvous and docking and other space-based technology against the core , also focused on the development of satellite communications electronic jamming, near real-time detection, interference signal feature recognition, sources of interference positioning technology, efforts to develop a variety of space-based anti-satellite weapons, and has begun to deploy automated attacks, identity systems. November 14, 2012 the United States and Australia announced that the US will place a powerful Air Force C-band radar and space telescope in Australia, and it is clear that the United States will shift the strategic part of Asia. This will enable the US forward-deployed every day to keep better track of up to 200 confirmed over the Asia-Pacific and orbital spacecraft and potential anomalies. According to US media reports, the US Air Force and Lockheed Martin in February this year to start construction work in the future, “Space Fence” The new radar system, which also marks the United States started the S-band ground-based radar system, the radar system will replace the United States in the 1960s developed space surveillance systems. Russia’s “Military News” May 18 reported that Air Force Secretary James declared that the US Air Force budget of $ 5 billion has been requested to establish a defense system for the military space to prepare for a possible conflict. Japan’s space development strategy headquarters set up monitoring force and space, and proposed the next 10 years will be launched 45 satellites ambitious goals in the positive development of the second generation of IGS reconnaissance satellite system, while seeking cooperation with ASEAN countries, to build a Japan center, a network of 68 satellite Earth observation satellites, in an attempt to obtain information from other countries and share with the United States at the same time, strengthen the surrounding sea routes to Japan, the Diaoyu Islands and the adjacent waters of the maritime surveillance capability. According to Japan’s Kyodo News reported, the new “US-Japan defense cooperation guidelines” emphasize the importance of space situational awareness, Japan’s “quasi-zenith” satellite system with US satellite positioning system to achieve docking, the US and Japan will strengthen ocean surveillance satellite, by sharing global marine intelligence, to ensure maritime security channel. Russia already has “reconnaissance, attack, defense” against the ability of spatial information integration, particularly in the fight against satellite communications, missile and space defense confrontation, GPS confrontation, antagonism and kinetic energy anti-satellite laser, etc., with strong technical reserves. Indian space reconnaissance and surveillance satellite system has taken shape, the satellite communication network has covered South Asia and the surrounding area, it has achieved near-real-time satellite communication between the services.

    Spatial information warfare against the construction and development should focus grasp

Do a good job preparing military struggle, we must make efforts to grasp the initiative in the military struggle space and cyberspace, problem-oriented and adhere to asymmetric development, according to the lean, joint, multi-energy, high efficiency requirements, to ensure the good spatial information focus of fighting against the construction.

Set the right strategic direction. On the basis of the importance of space supremacy, attaches great importance to the construction and development of spatial information against the problem, deal with spatial information science strength confrontational relationship with other strategic force for development, to ensure priority development of spatial information countervailing force. Implement the military strategy for the new period, co-ordination within and outside Xinjiang Xinjiang, preparing for war with the stop, deter and combat, constantly important areas and key links to achieve new breakthroughs; spatial information against the building into the overall layout of the army information construction, improve space iNFORMATION wARFARE development strategy planning; constantly improve the system of operational doctrines, promote space information against the construction work and orderly conduct.

Adhere to military and civilian integration. Strengthening military and civilian integration concept, the basic role of market in resource allocation, according to civil-military integration path of development, through laws, and rich integration of forms and expand the scope of integration, improve the level of integration in the scientific research and technology, weaponry, personnel training, etc. aspects, all-round, multi-domain integration, spatial information against the construction of rich resources and development potential. Pay attention to the military think tank function, strengthen the theoretical study of spatial information confrontation and practical issues, exploration of space information confrontation theoretical system, a clear focus on the construction, development of specific plans, enrich and develop operational guidance to ensure that the substantive work forward.

Construction expertise system. According to aim at the forefront, major breakthroughs require leapfrog development, accelerate the building space information confrontation power system, the formation of spatial information ability to fight as soon as possible. Spatial information effectively combat weaponry put strategic position, pay attention to the fight against cross-border joint information space forces the leading role of the traditional power and strength and spatial information of conventional power, to achieve full-dimensional spatial information to flow freely. Actively promote the use of force against spatial information, spatial information to support real-time navigation information reconnaissance operations exercises, testing and training, the formation of combat capability as soon as possible.

Focus on technological innovation. Strengthen technology research efforts, emphasis on spatial information against key technological innovation, stepping up confrontation frontier exploration of space information technology, focusing on the development of advanced satellite communications confrontation, confrontation reconnaissance and surveillance, target feature recognition, information processing technology, and make breakthroughs can promote space information confrontation key technology and equipment updates; attention, independent research and development may change combat style, disruptive technology group rules of engagement, to prevent enemies of my sudden formation of a technical strategy, efforts to form the enemy I have, I have no enemy and some non symmetrical technological superiority.

Original Mandarin Chinese:

萬物互聯的時代,我們必須重新思考,當前和未來軍事鬥爭的前沿在哪?我們所說的信息化局部戰爭的局部在哪?信息化戰爭制權的戰略制高點在哪?
萬物互聯的時代,制信息權成為奪取戰場綜合製權的核心,“無網不戰”“無天不勝”成為戰爭制勝的鐵律,制空間信息權成為維護國家主權、安全和發展利益的戰略制高點。戰場延伸到哪裡,哪裡就會展開主動權的爭奪。世界主要國家高度重視和應對來自外層空間的威脅與挑戰,圍繞太空發展權、主導權和控制權,展開了激烈角逐。
空間信息對抗成為戰略威懾制衡的新質手段
空間信息對抗作戰能打敵所怕、攻敵要害,是戰略威懾制衡的新質手段。一方面,具備強大的空間信息攻擊能力,就可有效遏制太空霸權、捍衛空間主權,提昇在國際舞台的話語權和主動權;另一方面,擁有足夠的空間信息防禦能力,就可威懾和遏制對手輕啟戰爭按鈕,有效抵禦外層空間的威脅和破壞,防止失去對太空的控制權。
美將“空間對抗行動”視為與“全球打擊”和“核打擊”並重的戰略威懾能力,2001年以來先後進行7次“施里弗”太空作戰計算機模擬演習;大力研製、試驗和部署空間信息作戰武器,發射全球首架可重複使用的能夠偵察、控制、捕獲、摧毀他國航天器的“軌道試驗飛行器”X-37B空天戰機,計劃2025年在外層空間部署太空戰鬥機部隊;“全球公域介入與機動聯合”概念宣稱要通過非動能措施迅速弱化敵太空設施能力,破壞其反太空能力中的關鍵要素。俄羅斯制定“太空軍事復興計劃”,總統普京已重啟“樹冠”反衛星項目,重點發展反衛武器,把“戰略性空天戰役”作為空天作戰的基本樣式,去年發射的3顆衛星和航天器被美視為“航天殺手”,並準備在2016年前後建成現代太空作戰系統。日本新《宇宙基本計劃》明確指出要“積極進入太空領域”,獲得“現代化的安全保障”,擴充和強化用於監視海上船舶和地面設施的偵察衛星的功能,試圖通過構建一個集測位、通信和情報蒐集等多功能於一體的新衛星系統,實現自衛隊力量運用範圍的陸、海、空、天全方位跨越。
空間信息對抗成為軍事能力建設重點領域
從世界軍事發展看,制空間信息權統攬其他制權,奪取制空間信息權行動是爭奪戰爭主導權的主體行動。從局部戰爭實踐看,沒有製空間信息權,空軍難以空戰,海軍難以海戰,擁有再好的其他武器裝備也可能被動挨打。空間信息對抗為多維空間作戰行動提供重要支撐,是作戰體系的“新質”,是作戰能力生成的倍增器,必將是軍事能力建設的重點領域。從爭奪制天權的手段看,空間信息對抗可控性強、靈活性好,運用門檻低、作用範圍廣、附帶損傷小、效費比高,應是當前和今後一個時期制天權能力建設發展的重點領域。
目前,美積極推進亞太“再平衡”戰略,竭力發展空間信息對抗能力,不僅大力發展電子乾擾軟殺傷和隱性硬毀傷等空間信息對抗手段,積極發展自主逼近、交會對接等天基對抗核心技術,還重點研製衛星通信電子乾擾、近實時探測、干擾信號特徵識別、干擾源定位技術,努力發展各種天基反衛星武器,且已開始部署自動攻擊、識別系統。 2012年11月14日美國和澳大利亞聯合宣布,美軍將在澳大利亞安置功能強大的空軍C波段雷達和太空望遠鏡,並明確表示這是美國將戰略轉向亞洲的一部分。這一前沿部署將使美每天能夠更好地跟踪確認多達200個亞太上空航天器及其軌道和潛在的異常現象。據美國媒體披露,美國空軍與洛克希德馬丁公司在今年2月啟動了未來“太空籬笆”新型雷達系統的建設工作,這也標誌著美國開始啟動了S波段地基雷達系統,該雷達系統將取代美國20世紀60年代研發的太空監視系統。俄羅斯《軍工新聞網》5月18日報導,美國空軍部長詹姆斯宣稱,美空軍已要求50億美元的預算以建立一個防禦系統,為可能發生的太空軍事衝突做準備。日本成立宇宙開發戰略總部和太空監測部隊,並提出今後10年將發射45顆衛星的宏偉目標,在積極發展第二代IGS偵察衛星系統的同時,正在謀求與東盟國家合作,構建一個以日本為中心、由68顆衛星組成的地球觀測衛星網絡,企圖從他國獲得情報並與美國共享的同時,加強對日本周邊海上要道、釣魚島及其附近海域的海洋監視能力。據日本共同社報導,新版《美日防衛合作指針》強調太空態勢感知的重要性,日本“準天頂”衛星系統與美國衛星定位系統將實現對接,美日將利用衛星加強海洋監視,通過共享全球海洋情報,確保海上通道安全等。俄已具備“偵、攻、防”一體的空間信息對抗能力,特別是在衛星通信對抗、導彈和空間防禦對抗、GPS對抗、激光對抗和動能反衛等方面,擁有雄厚的技術儲備。印度空間偵察監視衛星系統已初具規模,衛星通信網已覆蓋南亞及周邊地區,各軍種之間已實現近實時衛星通信。
空間信息對抗作戰建設發展應把握的著力點
抓好軍事鬥爭準備,必須努力掌握太空和網絡空間軍事鬥爭主動權,堅持問題導向和非對稱發展,按照精幹、聯合、多能、高效的要求,切實把好空間信息對抗作戰建設的著力點。
確立正確戰略指導。在重視制天權的基礎上,高度重視空間信息對抗建設發展問題,科學處理空間信息對抗力量與其他戰略力量發展的關係,保證優先重點發展空間信息對抗力量。貫​​徹新時期軍事戰略方針,統籌疆內與疆外、備戰與止戰、威懾與實戰,不斷實現重要領域和關鍵環節的新突破;把空間信息對抗建設納入軍隊信息化建設總體佈局,搞好空間信息對抗發展戰略籌劃;不斷完善作戰條令體系,促進空間信​​息對抗各項建設和工作有序開展。
堅持軍民融合發展。強化軍民融合發展觀念,發揮市場在資源配置中的基礎性作用,按照軍民融合式發展路子,通過法規建設,豐富融合形式、拓寬融合範圍、提高融合層次,在科研技術、武器裝備、人才培養等方面,進行全方位、多領域融合,為空間信息對抗建設提供豐富資源和發展後勁。注重發揮軍地智庫功能,加強空間信息對抗的理論和實踐問題研究,探索空間信息對抗理論體系,明確建設重點、制定具體計劃,豐富和發展行動指導,確保各項工作實質性推進。
構建專業力量體系。按照瞄準前沿、重點突破、跨越式發展的要求,加速構建空間信息對抗力量體系,盡快形成空間信息對抗能力。把空間信息對抗武器裝備切實擺上戰略位置,注重發揮空間信息對抗力量對傳統力量的帶動作用和空間信息力量與傳統力量的跨域聯合,實現信息在全維空間自由流動。積極推進空間信息對抗力量運用,進行空間信息偵察實時支援引導信息作戰行動的演習、試驗和訓練,盡快形成體係作戰能力。
關注技術創新。加強技術攻關力度,重視空間信息對抗關鍵技術創新,加緊探索空間信息對抗前沿技術,注重發展先進的衛星通信對抗、偵察和監視對抗、目標特徵識別、信息處理等技術,著力突破能夠推動空間信息對抗裝備更新的關鍵技術;高度關注、自主研發可能改變作戰樣式、作戰規則的顛覆性技術群,防止強敵對我形成技術上的戰略突然性,努力形成敵有我有、敵無我有的非對稱技術優勢。